Vulnerability Summary for the Week of February 5, 2024

Released
Feb 12, 2024
Document ID
SB24-043

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
allegro_ai -- clearmlLack of authentication in all versions of the fileserver component of Allegro AI's ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.2024-02-069.8CVE-2024-24592
6f8de1f0-f67e-45a6-b68f-98777fdb759c
allegro_ai -- clearmlA cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI's ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.2024-02-069.6CVE-2024-24593
6f8de1f0-f67e-45a6-b68f-98777fdb759c
allegro_ai -- clearmlA cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI's ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.2024-02-069.9CVE-2024-24594
6f8de1f0-f67e-45a6-b68f-98777fdb759c
allegro_ai -- clearmlDeserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI's ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user's system when interacted with.2024-02-068CVE-2024-24590
6f8de1f0-f67e-45a6-b68f-98777fdb759c
allegro_ai -- clearmlA path traversal vulnerability in version 1.4.0 or newer of Allegro AI's ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user's system when interacted with.2024-02-068CVE-2024-24591
6f8de1f0-f67e-45a6-b68f-98777fdb759c
ampps -- amppsA vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written.2024-02-027.5CVE-2024-1189
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
angular -- angularThis affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).2024-02-107.5CVE-2024-21490
report@snyk.io
report@snyk.io
apache_software_foundation -- pulsarObservable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .2024-02-077.4CVE-2023-51437
security@apache.org
security@apache.org
apache_software_foundation -- sling_servlets_resolverMalicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script.  Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.2024-02-068.5CVE-2024-23673
security@apache.org
security@apache.org
apachefriends -- xamppA buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).2024-02-029.8CVE-2024-0338
cve-coordination@incibe.es
artifex -- mupdfmupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.2024-02-057.5CVE-2024-24258
cve@mitre.org
artifex -- mupdfmupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.2024-02-057.5CVE-2024-24259
cve@mitre.org
automattic_inc -- crowdsignal_dashboard_polls,_surveys_&_moreImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.0.11.2024-02-107.1CVE-2023-51488
audit@patchstack.com
b&r_industrial_automation -- automation_runtimeUse of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules). The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.   This issue affects Automation Runtime: from 14.0 before 14.93.2024-02-059.8CVE-2024-0323
cybersecurity@ch.abb.com
b&r_industrial_automation -- automation_studioIncorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.2024-02-028.8CVE-2020-24681
cybersecurity@ch.abb.com
b&r_industrial_automation -- automation_studioUnquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.2024-02-027.8CVE-2020-24682
cybersecurity@ch.abb.com
b&r_industrial_automation -- automation_studio: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.2024-02-027.5CVE-2021-22281
cybersecurity@ch.abb.com
b&r_industrial_automation -- automation_studioImproper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.2024-02-027.8CVE-2021-22282
cybersecurity@ch.abb.com
biteship -- biteship_plugin_ongkos_kirim_kurir_instant_reguler_kargoImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.2024-02-057.1CVE-2024-24866
audit@patchstack.com
blurams -- lumi_security_camera_a31c_firmwareAn issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.2024-02-029.8CVE-2023-50488
cve@mitre.org
cve@mitre.org
canon_inc -- satera_lbp670c_seriesBuffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2023-6231
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
canon_inc -- satera_lbp670c_seriesBuffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2023-6232
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
canon_inc -- satera_lbp670c_seriesBuffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2023-6233
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
canon_inc -- satera_lbp670c_seriesBuffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2023-6234
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
canon_inc -- satera_mf750c_seriesBuffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2024-0244
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
canon_inc -- satera_lbp670c_seriesBuffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2023-6229
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
canon_inc -- satera_lbp670c_seriesBuffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.2024-02-069.8CVE-2023-6230
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
f98c90f0-e9bd-4fa7-911b-51993f3571fd
chendotjs -- lotos_webserverLotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.2024-02-057.5CVE-2024-24263
cve@mitre.org
cisco -- cisco_secure_endpointA vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog.2024-02-077.5CVE-2024-20290
ykramarz@cisco.com
cisco -- cisco_telepresence_video_communication_server_(vcs)_expresswayA vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.2024-02-078.2CVE-2024-20255
ykramarz@cisco.com
cisco -- mutiple_productsMultiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.2024-02-079.6CVE-2024-20252
ykramarz@cisco.com
cisco -- mutiple_productsMultiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.2024-02-079.6CVE-2024-20254
ykramarz@cisco.com
composer -- composerComposer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:```sh rm vendor/composer/installed.php vendor/composer/InstalledVersions.php composer install --no-scripts --no-plugins ```2024-02-098.8CVE-2024-24821
security-advisories@github.com
security-advisories@github.com
cpio -- cpioA path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.2024-02-058.8CVE-2023-7216
secalert@redhat.com
secalert@redhat.com
crafty_controller -- crafty_controllerA host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header2024-02-037.5CVE-2024-1064
cve@gitlab.com
degamisu -- open-irsopen-irs is an issue response robot that reponds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets.2024-02-029.8CVE-2024-24757
security-advisories@github.com
dell -- bsafe_crypto-c-micro-editionDell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.2024-02-029.8CVE-2020-29504
security_alert@emc.com
dell -- bsafe_micro-edition-suiteDell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.2024-02-029.8CVE-2021-21575
security_alert@emc.com
dell -- bsafe_ssl-jDell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.2024-02-029.8CVE-2022-34381
security_alert@emc.com
dell -- data_protection_searchDell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.2024-02-068.8CVE-2024-22433
security_alert@emc.com
dell -- dell_display_managerDell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation2024-02-067.3CVE-2023-32451
security_alert@emc.com
dell -- dell_power_manager_(dpm)Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.2024-02-067.8CVE-2023-25543
security_alert@emc.com
diracgrid -- diracDIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-099.1CVE-2024-24825
security-advisories@github.com
security-advisories@github.com
emerson -- rosemount_gc370xaIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.2024-02-098.3CVE-2023-51761
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
emerson_rosemount-- mutiple productsIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.2024-02-099.8CVE-2023-46687
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
envoyproxy -- envoyEnvoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-098.6CVE-2024-23324
security-advisories@github.com
security-advisories@github.com
envoyproxy -- envoyEnvoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-097.5CVE-2024-23322
security-advisories@github.com
security-advisories@github.com
envoyproxy -- envoyEnvoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn't supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-097.5CVE-2024-23325
security-advisories@github.com
security-advisories@github.com
envoyproxy -- envoyEnvoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-097.5CVE-2024-23327
security-advisories@github.com
security-advisories@github.com
flusity -- flusityCross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.2024-02-058.8CVE-2024-24468
cve@mitre.org
flusity -- flusityCross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.2024-02-058.8CVE-2024-24469
cve@mitre.org
flusity -- flusityCross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.2024-02-028.8CVE-2024-24470
cve@mitre.org
flusity -- flusityCross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.2024-02-028.8CVE-2024-24524
cve@mitre.org
fortinet -- fortios/fortiproxyAn out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests2024-02-099.8CVE-2024-21762
psirt@fortinet.com
fortinet -- fortisiemAn improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.2024-02-059.8CVE-2024-23108
psirt@fortinet.com
fortinet -- fortisiemAn improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.2024-02-059.8CVE-2024-23109
psirt@fortinet.com
google -- androidIn alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.2024-02-059.8CVE-2024-20011
security@mediatek.com
google -- androidIn alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.2024-02-058.8CVE-2024-20009
security@mediatek.com
google -- androidIn mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.2024-02-057.5CVE-2024-20007
security@mediatek.com
google -- androidIn telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.2024-02-057.8CVE-2024-20015
security@mediatek.com
gpac -- gpacgpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.2024-02-057.5CVE-2024-24265
cve@mitre.org
gpac -- gpacgpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.2024-02-057.5CVE-2024-24266
cve@mitre.org
gpac -- gpacgpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.2024-02-057.5CVE-2024-24267
cve@mitre.org
graphviz -- graphvizGraphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.2024-02-027.8CVE-2023-46045
cve@mitre.org
cve@mitre.org
cve@mitre.org
graylog2 -- graylog2_serverGraylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.2024-02-078.8CVE-2024-24824
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
gttb -- gtb_central_consoleAn issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.2024-02-029.8CVE-2024-22108
cve@mitre.org
cve@mitre.org
gttb -- gtb_central_consoleAn issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.2024-02-027.2CVE-2024-22107
cve@mitre.org
cve@mitre.org
hashicorp -- boundaryBoundary and Boundary Enterprise ("Boundary") is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.2024-02-058CVE-2024-1052
security@hashicorp.com
hashicorp -- nomadHashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.2024-02-087.7CVE-2024-1329
security@hashicorp.com
ibm -- cloud_pak_systemIBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.2024-02-027.5CVE-2023-38273
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- engineering_lifecycle_optimization_publishingIBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.2024-02-097.5CVE-2023-45191
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.2024-02-029.8CVE-2023-32333
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- operational_decision_managerIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.2024-02-029.8CVE-2024-22319
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- operational_decision_managerIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.2024-02-028.8CVE-2024-22320
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.2024-02-029.8CVE-2023-50940
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.2024-02-028.8CVE-2023-50936
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.2024-02-027.5CVE-2023-50326
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.2024-02-027.5CVE-2023-50937
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.2024-02-027.5CVE-2023-50939
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_access_manager_containerIBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.2024-02-077.5CVE-2023-38369
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_accessIBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.2024-02-079.8CVE-2023-32328
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_accessIBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.2024-02-079.8CVE-2023-32330
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_accessIBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155.2024-02-077.2CVE-2023-43017
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.2024-02-039CVE-2023-31004
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.2024-02-037.5CVE-2023-30999
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.2024-02-037.8CVE-2023-31005
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776.2024-02-037.5CVE-2023-31006
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.2024-02-037.1CVE-2023-32327
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.2024-02-037.3CVE-2023-43016
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- soar_qradar_plugin_appIBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.2024-02-028.8CVE-2023-38263
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- spectrum_protect_plusIBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.2024-02-027.5CVE-2023-47148
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- storage_defender_ -- resiliency_serviceIBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.2024-02-108CVE-2023-50957
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- tivoli_application_dependency_discovery_managerIBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.2024-02-029.8CVE-2023-47143
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- tivoli_application_dependency_discovery_managerIBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.2024-02-028.8CVE-2023-47142
psirt@us.ibm.com
psirt@us.ibm.com
icinga -- icingaweb2_module_directorIcinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.2024-02-098.3CVE-2024-24820
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ireader -- media-servermedia-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.2024-02-057.5CVE-2024-24260
cve@mitre.org
ireader -- media-servermedia-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.2024-02-057.5CVE-2024-24262
cve@mitre.org
jetbrains -- teamcityIn JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible2024-02-069.8CVE-2024-23917
cve@jetbrains.com
jfinalcms_project -- jfinalcmsJFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.2024-02-029.8CVE-2024-24029
cve@mitre.org
jishenghua -- jsherpjshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.2024-02-079.8CVE-2024-24001
cve@mitre.org
cve@mitre.org
jishenghua -- jsherpjshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.2024-02-079.8CVE-2024-24002
cve@mitre.org
cve@mitre.org
jishenghua -- jsherpjshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.2024-02-089.8CVE-2024-24003
cve@mitre.org
cve@mitre.org
jishenghua -- jsherpjshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.2024-02-079.8CVE-2024-24004
cve@mitre.org
cve@mitre.org
jsish -- jsishJsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.2024-02-079.8CVE-2024-24186
cve@mitre.org
jsish -- jsishJsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.2024-02-079.8CVE-2024-24188
cve@mitre.org
jsish -- jsishJsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.2024-02-079.8CVE-2024-24189
cve@mitre.org
kddi -- home_spot_cube_2_firmwareHeap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.2024-02-029.8CVE-2024-23978
vultures@jpcert.or.jp
vultures@jpcert.or.jp
kddi -- home_spot_cube_2_firmwareStack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.2024-02-027.5CVE-2024-21780
vultures@jpcert.or.jp
vultures@jpcert.or.jp
kihron -- serverrpexposerDirectory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.2024-02-029.8CVE-2024-22779
cve@mitre.org
cve@mitre.org
cve@mitre.org
ledgersmb -- ledgersmbLedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.2024-02-027.5CVE-2024-23831
security-advisories@github.com
security-advisories@github.com
libexpat_project -- libexpatlibexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.2024-02-047.5CVE-2023-52425
cve@mitre.org
libgit2 -- libgit2libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.2024-02-068.6CVE-2024-24577
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
libgit2 -- libgit2libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.2024-02-067.5CVE-2024-24575
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
libuv -- libuvlibuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-077.3CVE-2024-24806
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
liferay -- portal/dxpStored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.2024-02-079.6CVE-2024-25145
security@liferay.com
liveconfig -- liveconfigDirectory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.2024-02-027.5CVE-2024-22851
cve@mitre.org
magic_hills_pty_ltd -- wonder_slider_liteImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9.2024-02-087.1CVE-2024-24877
audit@patchstack.com
mailcow -- mailcow-dockerizedmailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.2024-02-027.3CVE-2024-24760
security-advisories@github.com
security-advisories@github.com
mate_desktop -- engrampaEngrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.2024-02-058.2CVE-2023-52138
security-advisories@github.com
security-advisories@github.com
mediatek -- nr15In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).2024-02-057.5CVE-2024-20003
security@mediatek.com
mediatek -- nr15In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).2024-02-057.5CVE-2024-20004
security@mediatek.com
meshcentral -- meshcentralYlianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.2024-02-027.5CVE-2023-51838
cve@mitre.org
cve@mitre.org
cve@mitre.org
mia_technology_inc. -- mia-medExposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7.2024-02-087.5CVE-2023-6517
iletisim@usom.gov.tr
mia_technology_inc. -- mia-medPlaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.2024-02-087.5CVE-2023-6518
iletisim@usom.gov.tr
mia_technology_inc. -- mia-medExposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.2024-02-087.5CVE-2023-6519
iletisim@usom.gov.tr
mia_technology_inc -- mia-medAuthorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7.2024-02-088.8CVE-2023-6515
iletisim@usom.gov.tr
microsoft -- edge_chromiumMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-02-028.3CVE-2024-21399
secure@microsoft.com
miro -- miroMiro Desktop 0.8.18 on macOS allows Electron code injection.2024-02-029.8CVE-2024-23746
cve@mitre.org
cve@mitre.org
cve@mitre.org
mrcms -- mrcmsMRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.2024-02-027.5CVE-2024-24161
cve@mitre.org
nationalkeep -- cybermathUnrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5.2024-02-029.8CVE-2023-6675
iletisim@usom.gov.tr
nationalkeep -- cybermathCross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5.2024-02-028.8CVE-2023-6676
iletisim@usom.gov.tr
oduyo --financial_technology_online_collectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2.2024-02-099.8CVE-2023-6677
iletisim@usom.gov.tr
open_formulieren -- open_formsOpen Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was succesfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking.2024-02-077.7CVE-2024-24771
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
openharmony -- openharmonyin OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.2024-02-028.8CVE-2023-45734
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.2024-02-028.8CVE-2024-21860
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.2024-02-027.8CVE-2024-21845
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.2024-02-027.8CVE-2024-21851
scy@openharmony.io
openobserve -- openobserveOpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-089.9CVE-2024-24830
security-advisories@github.com
openobserve -- openobserveOpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including "Admins" and "Root" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by "Admins" or "Root" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade.2024-02-089.1CVE-2024-25106
security-advisories@github.com
panterasoft -- hdd_healthSearch path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.2024-02-027.8CVE-2024-1201
cve-coordination@incibe.es
ping_identity -- pingfederateAuthentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.2024-02-068.8CVE-2023-40545
responsible-disclosure@pingidentity.com
responsible-disclosure@pingidentity.com
responsible-disclosure@pingidentity.com
postgresql -- postgresqlLate privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.2024-02-088CVE-2024-0985
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
pt_woo_plugins_(by_webdados) -- portugal_ctt_tracking_for_woocommerceImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.2024-02-087.1CVE-2024-24878
audit@patchstack.com
qibosoft -- qibocms_x1A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-057.3CVE-2024-1225
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
qnap -- photo_stationAn OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later2024-02-028.8CVE-2023-47562
security@qnapsecurity.com.tw
qnap -- qsync_centralAn incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later2024-02-028.1CVE-2023-47564
security@qnapsecurity.com.tw
qnap -- qtsAn improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later2024-02-029.8CVE-2023-39303
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later2024-02-029.8CVE-2023-45025
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later2024-02-028.8CVE-2023-39297
security@qnapsecurity.com.tw
qnap -- qtsA SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later2024-02-028.8CVE-2023-47568
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-39302
security@qnapsecurity.com.tw
qnap -- qtsA heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41273
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41275
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41276
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41277
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41278
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41279
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41280
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41281
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41282
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41283
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-41292
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-45035
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-45036
security@qnapsecurity.com.tw
qnap -- qtsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-45037
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-47566
security@qnapsecurity.com.tw
qnap -- qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later2024-02-027.2CVE-2023-47567
security@qnapsecurity.com.tw
qolsys_inc -- iq_panel_4Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.2024-02-087.3CVE-2024-0242
productsecurity@jci.com
productsecurity@jci.com
qualcomm -- 315_5g_iot_modem_firmwareTransient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.2024-02-067.5CVE-2023-33049
product-security@qualcomm.com
qualcomm -- 315_5g_iot_modem_firmwareTransient DOS in Multi-Mode Call Processor while processing UE policy container.2024-02-067.5CVE-2023-33057
product-security@qualcomm.com
qualcomm -- 315_5g_iot_modem_firmwareMemory corruption in Core while processing control functions.2024-02-067.8CVE-2023-33072
product-security@qualcomm.com
qualcomm -- 315_5g_iot_modem_firmwareMemory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.2024-02-067.8CVE-2023-43513
product-security@qualcomm.com
qualcomm -- 315_5g_iot_modem_firmwareTransient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.2024-02-067.5CVE-2023-43533
product-security@qualcomm.com
qualcomm -- 315_5g_iot_modem_firmwareTransient DOS while parse fils IE with length equal to 1.2024-02-067.5CVE-2023-43536
product-security@qualcomm.com
qualcomm -- 9206_lte_modem_firmwareMemory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.2024-02-067.8CVE-2023-33067
product-security@qualcomm.com
qualcomm -- 9206_lte_modem_firmwareMemory corruption in Audio while processing IIR config data from AFE calibration block.2024-02-067.8CVE-2023-33068
product-security@qualcomm.com
qualcomm -- 9206_lte_modem_firmwareMemory corruption in Audio while processing the calibration data returned from ACDB loader.2024-02-067.8CVE-2023-33069
product-security@qualcomm.com
qualcomm -- aqt1000_firmwareMemory corruption in video while parsing invalid mp2 clip.2024-02-069.8CVE-2023-43518
product-security@qualcomm.com
qualcomm -- aqt1000_firmwareMemory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.2024-02-069.8CVE-2023-43519
product-security@qualcomm.com
qualcomm -- aqt1000_firmwareInformation disclosure in Audio while accessing AVCS services from ADSP payload.2024-02-067.1CVE-2023-33065
product-security@qualcomm.com
qualcomm -- aqt1000_firmwareMemory corruption in Core when updating rollback version for TA and OTA feature is enabled.2024-02-067.8CVE-2023-33076
product-security@qualcomm.com
qualcomm -- aqt1000_firmwareMemory corruption in HLOS while converting from authorization token to HIDL vector.2024-02-067.8CVE-2023-33077
product-security@qualcomm.com
qualcomm -- aqt1000_firmwareTransient DOS while key unwrapping process, when the given encrypted key is empty or NULL.2024-02-067.5CVE-2023-43522
product-security@qualcomm.com
qualcomm -- ar8035_firmwareInformation disclosure in Modem while processing SIB5.2024-02-069.1CVE-2023-33058
product-security@qualcomm.com
qualcomm -- ar8035_firmwareMemory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.2024-02-069.8CVE-2023-43520
product-security@qualcomm.com
qualcomm -- ar8035_firmwareMemory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.2024-02-069.8CVE-2023-43534
product-security@qualcomm.com
qualcomm -- ar8035_firmwareMemory corruption in Trusted Execution Environment while deinitializing an object used for license validation.2024-02-067CVE-2023-33046
product-security@qualcomm.com
qualcomm -- ar8035_firmwareTransient DOS while processing 11AZ RTT management action frame received through OTA.2024-02-067.5CVE-2023-43523
product-security@qualcomm.com
qualcomm -- fastconnect_6700_firmwareMemory corruption while reading ACPI config through the user mode app.2024-02-067.8CVE-2023-43532
product-security@qualcomm.com
qualcomm -- fastconnect_6700_firmwareMemory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.2024-02-067.8CVE-2023-43535
product-security@qualcomm.com
qualcomm -- fastconnect_6900_firmwareMemory corruption when malformed message payload is received from firmware.2024-02-067.8CVE-2023-43516
product-security@qualcomm.com
qualcomm -- qam8255p_firmwareMemory corruption in Automotive Multimedia due to improper access control in HAB.2024-02-067.8CVE-2023-43517
product-security@qualcomm.com
rapidscada -- rapid_scadaIn Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.2024-02-029.8CVE-2024-21764
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
rapidscada -- rapid_scadaIn Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.2024-02-027.8CVE-2024-22016
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
remyandrade -- testimonial_page_managerA vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695.2024-02-029.8CVE-2024-1197
cna@vuldb.com
cna@vuldb.com
samsung -- magician_pc_softwareImproper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.2024-02-077.3CVE-2024-23769
cve@mitre.org
samsung_mobile -- samsung_mobile_devicesOut-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.2024-02-068.4CVE-2024-20812
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.2024-02-068.4CVE-2024-20813
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim&#39;s mobile hotspot without user awareness.2024-02-068CVE-2024-20815
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim&#39;s mobile hotspot without user awareness.2024-02-068CVE-2024-20816
mobile.security@samsung.com
silabs -- gecko_software_development_kitA potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution2024-02-027.5CVE-2023-6387
product-security@silabs.com
product-security@silabs.com
silabs -- gecko_software_development_kitPrior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number2024-02-057.5CVE-2023-6874
product-security@silabs.com
product-security@silabs.com
snow_software -- inventory_agentImproper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.2024-02-087.8CVE-2024-1149
security@snowsoftware.com
snow_software -- inventory_agentImproper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1.2024-02-087.8CVE-2024-1150
security@snowsoftware.com
software_engineering_consultancy_machine_equipment_limited_company -- hearing_tracking_systemAuthorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.2024-02-098.8CVE-2023-6724
iletisim@usom.gov.tr
softwarefx -- chart_fxAn issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.2024-02-027.5CVE-2023-39611
cve@mitre.org
solarwinds -- solarwinds_platformSQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited2024-02-068CVE-2023-50395
psirt@solarwinds.com
psirt@solarwinds.com
solarwinds -- solarwinds_platformSQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.2024-02-068CVE-2023-35188
psirt@solarwinds.com
psirt@solarwinds.com
tiangolo -- fastapiFastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. It's a ReDoS(Regular expression Denial of Service), it only applies to those reading form data, using `python-multipart`. This vulnerability has been patched in version 0.109.1.2024-02-057.5CVE-2024-24762
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
tp-link -- er7206_firmwareA post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.2024-02-067.2CVE-2023-36498
talos-cna@cisco.com
tp-link -- er7206_firmwareA post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-42664
talos-cna@cisco.com
tp-link -- er7206_firmwareA command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-43482
talos-cna@cisco.com
tp-link -- er7206_firmwareA post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-46683
talos-cna@cisco.com
tp-link -- er7206_firmwareA post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-47167
talos-cna@cisco.com
tp-link -- er7206_firmwareA post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-47209
talos-cna@cisco.com
tp-link -- er7206_firmwareA post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-47617
talos-cna@cisco.com
tp-link -- er7206_firmwareA post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.2024-02-067.2CVE-2023-47618
talos-cna@cisco.com
vinchin -- vinchin_backup_and_recoveryVinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.2024-02-029.8CVE-2024-22901
cve@mitre.org
cve@mitre.org
cve@mitre.org
vinchin -- vinchin_backup_and_recoveryVinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.2024-02-029.8CVE-2024-22902
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
vinchin -- vinchin_backup_and_recoveryVinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.2024-02-028.8CVE-2024-22899
cve@mitre.org
cve@mitre.org
cve@mitre.org
vinchin -- vinchin_backup_and_recoveryVinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.2024-02-028.8CVE-2024-22900
cve@mitre.org
cve@mitre.org
cve@mitre.org
vinchin -- vinchin_backup_and_recoveryVinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.2024-02-028.8CVE-2024-22903
cve@mitre.org
cve@mitre.org
cve@mitre.org
vmware -- aria_operations_for_networksAria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.2024-02-067.8CVE-2024-22237
security@vmware.com
vmware -- aria_operations_for_networksAria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.2024-02-067.8CVE-2024-22239
security@vmware.com
vyper -- vyperVyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check.2024-02-079.8CVE-2024-24563
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
westermo -- lynxThe cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.2024-02-068CVE-2023-38579
ics-cert@hq.dhs.gov
westermo -- lynxA potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.2024-02-068CVE-2023-45735
ics-cert@hq.dhs.gov
wixtoolset -- issuesWiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.2024-02-078.2CVE-2024-24810
security-advisories@github.com
wordpress -- wordpressThe 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorization and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.2024-02-059.8CVE-2021-4436
contact@wpscan.com
wordpress -- wordpressThe Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-02-059.8CVE-2023-6933
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.2024-02-059.8CVE-2023-6989
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default, this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.2024-02-059.1CVE-2024-0221
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.2024-02-029.8CVE-2024-0685
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Cryptocurrency Widgets - Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-02-059.8CVE-2024-0709
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-02-089.8CVE-2024-1207
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.2024-02-058.8CVE-2023-6700
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.2024-02-058.8CVE-2023-6846
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code.2024-02-058.8CVE-2023-6996
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.2024-02-058.2CVE-2024-0324
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-02-108.8CVE-2024-0594
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.2024-02-058.1CVE-2024-0761
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Instant Images - One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.2024-02-058.8CVE-2024-0869
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.2024-02-058.2CVE-2024-1072
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-02-078.8CVE-2024-1118
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.2024-02-057.2CVE-2023-6635
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible.2024-02-057.2CVE-2023-6925
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-057.1CVE-2024-0428
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.2024-02-097.5CVE-2024-0842
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-02-027.2CVE-2024-0844
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.2024-02-037.5CVE-2024-0909
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.2024-02-087.1CVE-2024-24881
audit@patchstack.com
xiandafu -- beetlBefore Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.2024-02-029.8CVE-2024-22533
cve@mitre.org
xorg -- xorg-serverAn out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.2024-02-097.8CVE-2024-0229
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list2024-02-069.8CVE-2024-24013
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list2024-02-089.8CVE-2024-24014
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit2024-02-069.8CVE-2024-24015
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list2024-02-089.8CVE-2024-24017
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list2024-02-089.8CVE-2024-24018
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list2024-02-079.8CVE-2024-24019
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.2024-02-089.8CVE-2024-24021
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusA SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.2024-02-089.8CVE-2024-24023
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusAn arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.2024-02-089.8CVE-2024-24024
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusAn arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.2024-02-089.8CVE-2024-24025
cve@mitre.org
cve@mitre.org
xxyopen -- novel-plusAn arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.2024-02-089.8CVE-2024-24026
cve@mitre.org
cve@mitre.org
yannick_lefebvre -- link_libraryImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13.2024-02-087.1CVE-2024-24879
audit@patchstack.com
yarn -- yarnAn untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.2024-02-047.7CVE-2021-4435
patrick@puiterwijk.org
patrick@puiterwijk.org
patrick@puiterwijk.org
patrick@puiterwijk.org
zohocorp -- manageengine_adaudit_plusZoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.2024-02-029.8CVE-2023-48792
cve@mitre.org
cve@mitre.org
zohocorp -- manageengine_adaudit_plusZoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.2024-02-029.8CVE-2023-48793
cve@mitre.org
cve@mitre.org
zohocorp -- manageengine_adaudit_plusManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.2024-02-028.8CVE-2024-0253
0fc0942c-577d-436f-ae8e-945763c79b02
zohocorp -- manageengine_adaudit_plusManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.2024-02-028.8CVE-2024-0269
0fc0942c-577d-436f-ae8e-945763c79b02
zopefoundation -- products_sqlalchemydaSQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.2024-02-079.8CVE-2024-24811
security-advisories@github.com
security-advisories@github.com

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
1panel-dev -- 1panel1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.2024-02-056.5CVE-2024-24768
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
acowebs -- product_labels_for_woocommerce_(sale_badges)Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.2024-02-085.9CVE-2024-24886
audit@patchstack.com
allegro_ai -- clearmlAllegro AI's open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.2024-02-056CVE-2024-24595
6f8de1f0-f67e-45a6-b68f-98777fdb759c
ansible -- ansibleAn information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.2024-02-065CVE-2024-0690
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
antisamy_project -- antisamyAntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.2024-02-026.1CVE-2024-23635
security-advisories@github.com
apache_software_foundation -- ozoneImproper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue.2024-02-075.3CVE-2023-39196
security@apache.org
security@apache.org
apollo13themes -- apollo13_framework_extensionsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.2024-02-086.5CVE-2024-24880
audit@patchstack.com
audrasjb -- gdpr_data_request_formImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6.2024-02-086.5CVE-2024-24836
audit@patchstack.com
axis_communications_ab -- axis_osBrandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.2024-02-056.3CVE-2023-5677
product-security@axis.com
axis_communications_ab -- axis_osVintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.2024-02-055.4CVE-2023-5800
product-security@axis.com
beijing_baichuo -- smart_s20_management_platformA vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-064.7CVE-2024-1254
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
beijing_baichuo -- smart_s40_management_platformA vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-064.7CVE-2024-1253
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
blockmason -- credit-protocol** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2024-02-044.3CVE-2018-25098
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
blurams -- lumi_security_camera_a31c_firmwareAn issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code.2024-02-026.8CVE-2023-51820
cve@mitre.org
cve@mitre.org
br-automation -- automation_runtimeA reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user's browser session.2024-02-056.1CVE-2023-6028
cybersecurity@ch.abb.com
ckeditor -- ckeditor4CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.2024-02-076.1CVE-2024-24815
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ckeditor -- ckeditor4CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.2024-02-076.1CVE-2024-24816
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
clicktotweet.com -- click_to_tweetImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14.2024-02-106.5CVE-2024-23514
audit@patchstack.com
codeastro -- employee_task_management_systemA vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability.2024-02-035.4CVE-2024-1199
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro -- restaurant_pos_systemA vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.2024-02-076.3CVE-2024-1268
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
creative_themes -- blocksyImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19.2024-02-086.5CVE-2024-24871
audit@patchstack.com
cryptlib -- cryptlibA security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate.2024-02-055.9CVE-2024-0202
patrick@puiterwijk.org
cups_easy -- cups_easyA vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.2024-02-026.1CVE-2024-23895
cve-coordination@incibe.es
dan_dulaney -- dan's_embedder_for_google_calendarImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS. This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.2024-02-056.5CVE-2023-51504
audit@patchstack.com
dell -- appsyncDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.2024-02-086.2CVE-2024-22464
security_alert@emc.com
dell -- cpg_biosDell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.2024-02-066.7CVE-2023-28063
security_alert@emc.com
dell -- dell_bsafe_ssl-jDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.2024-02-104.4CVE-2023-28077
security_alert@emc.com
dell -- dell_command_monitorDell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.2024-02-064.7CVE-2023-28049
security_alert@emc.com
dell -- dell_display_managerDell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion2024-02-066.6CVE-2023-32474
security_alert@emc.com
dell -- dell_encryptionDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.2024-02-066.7CVE-2023-32479
security_alert@emc.com
dell -- dup_frameworkDUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service2024-02-066.3CVE-2023-32454
security_alert@emc.com
dev.dans-art -- add_customer_for_woocommerceImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS.This issue affects Add Customer for WooCommerce: from n/a through 1.7.2024-02-054.8CVE-2024-24841
audit@patchstack.com
elastic -- apm_serverAn issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.2024-02-075.7CVE-2024-23448
bressers@elastic.co
bressers@elastic.co
elastic -- elastic_network_drive_connectorAn issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.2024-02-075.3CVE-2024-23447
bressers@elastic.co
bressers@elastic.co
elastic -- kibanaAn issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.2024-02-076.5CVE-2024-23446
bressers@elastic.co
bressers@elastic.co
emerson -- rosemount_gc370xaIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.2024-02-096.9CVE-2023-43609
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
emerson -- rosemount_gc370xaIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.2024-02-096.9CVE-2023-49716
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
enalean -- tuleapTuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.2024-02-065.3CVE-2024-23344
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
envoyproxy -- envoyEnvoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-094.3CVE-2024-23323
security-advisories@github.com
security-advisories@github.com
fivestarplugins -- five_star_restaurant_menuImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.2024-02-055.4CVE-2024-24838
audit@patchstack.com
forum_one -- wp-cfmCross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8.2024-02-075.4CVE-2024-24706
audit@patchstack.com
audit@patchstack.com
frappe -- frappeFrappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.2024-02-075.4CVE-2024-24812
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
galleon -- eap_eap-xp_serversAn improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.2024-02-066.8CVE-2023-4503
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
getsentry -- sentrySentry is an error tracking and performance monitoring platform. Sentry's integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-094.3CVE-2024-24829
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
gitlab -- gitlabAn issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.2024-02-086.5CVE-2023-6564
cve@gitlab.com
gitlab -- gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.2024-02-076.5CVE-2023-6736
cve@gitlab.com
cve@gitlab.com
gitlab -- gitlabAn issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.2024-02-076.7CVE-2023-6840
cve@gitlab.com
cve@gitlab.com
gitlab -- gitlabAn issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`2024-02-076.5CVE-2024-1066
cve@gitlab.com
globalscape -- cuteftpA vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1190
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
gnu -- coreutilsA flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.2024-02-065.5CVE-2024-0684
patrick@puiterwijk.org
patrick@puiterwijk.org
patrick@puiterwijk.org
google -- androidIn TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.2024-02-056.7CVE-2024-20001
security@mediatek.com
google -- androidIn TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.2024-02-056.7CVE-2024-20002
security@mediatek.com
google -- androidIn keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.2024-02-056.7CVE-2024-20010
security@mediatek.com
google -- androidIn keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.2024-02-056.7CVE-2024-20012
security@mediatek.com
google -- androidIn keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.2024-02-056.7CVE-2024-20013
security@mediatek.com
google -- androidIn ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.2024-02-054.4CVE-2024-20016
security@mediatek.com
graylog -- graylogGraylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable.2024-02-075.7CVE-2024-24823
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
hcl -- bigfixA cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.2024-02-036.5CVE-2023-37528
psirt@hcl.com
hcl-- devops_deployHCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.2024-02-036.2CVE-2024-23550
psirt@hcl.com
hcl_software -- hcl_sametimeSametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.2024-02-095.9CVE-2023-50349
psirt@hcl.com
hcl_software -- hcl_sametimeSametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.2024-02-104CVE-2023-45696
psirt@hcl.com
hcl_software -- hcl_sametimeSametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks.2024-02-104.8CVE-2023-45698
psirt@hcl.com
hcltech -- bigfix_platformA reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.2024-02-026.1CVE-2023-37527
psirt@hcl.com
hcltech -- bigfix_platformA cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.2024-02-025.4CVE-2024-23553
psirt@hcl.com
hid_global -- hid_iclass_se_reader_configuration_cardsSensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.2024-02-075.3CVE-2024-23806
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
hid_global -- iclass_se_cp1000_encoderCertain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.2024-02-065.9CVE-2024-22388
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
howard_ehrenberg -- custom_post_carousels_with_owlImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6.2024-02-106.5CVE-2023-51493
audit@patchstack.com
ibm -- aspera_faspexIBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.2024-02-025.4CVE-2022-40744
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- business_automation_workflowIBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.2024-02-045.4CVE-2023-50947
psirt@us.ibm.com
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- engineering_lifecycle_optimization_publishingIBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.2024-02-096.3CVE-2023-45187
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- engineering_lifecycle_optimization_publishingIBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.2024-02-095.1CVE-2023-45190
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- i_access_client_solutionsIBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.2024-02-095.1CVE-2024-22318
psirt@us.ibm.com
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- integration_bus_for_z/osThe IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.2024-02-096.5CVE-2024-22332
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.2024-02-026.1CVE-2023-50933
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.2024-02-026.5CVE-2023-50935
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.2024-02-025.3CVE-2023-50327
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.2024-02-025.3CVE-2023-50328
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.2024-02-025.3CVE-2023-50934
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.2024-02-025.4CVE-2023-50941
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.2024-02-025.9CVE-2023-50962
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powerscIBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.2024-02-024.3CVE-2023-50938
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- powervm_hypervisorIBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.2024-02-065.3CVE-2023-46183
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_access_manager_containerIBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.2024-02-075.5CVE-2023-31002
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance/security_verify_access_dockerIBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972.2024-02-035.5CVE-2023-32329
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- semeru_runtimeIBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.2024-02-105.9CVE-2024-22361
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- soar_qradar_plugin_appIBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.2024-02-026.5CVE-2023-38019
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- soar_qradar_plugin_appIBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.2024-02-024.3CVE-2023-38020
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- sterling_b2b_integratorIBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.2024-02-096.5CVE-2023-32341
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.2024-02-094.3CVE-2023-42016
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- storage_cephIBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.2024-02-026.5CVE-2023-46159
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- storage_defender-resiliency_serviceIBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.2024-02-104.4CVE-2024-22312
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- storage_defender_resiliency_serviceIBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.2024-02-106.2CVE-2024-22313
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- storage_virtualizeIBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.2024-02-075.9CVE-2023-47700
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- tivoli_application_dependency_discovery_managerIBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271.2024-02-026.1CVE-2023-47144
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- urbancode_deployIBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.2024-02-066.2CVE-2024-22331
psirt@us.ibm.com
psirt@us.ibm.com
ibm-- powervm_hypervisorIBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.2024-02-045.3CVE-2023-33851
psirt@us.ibm.com
psirt@us.ibm.com
icinga -- icingaweb2-module-incubatoricingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-095.3CVE-2024-24819
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
if_so_plugin -- if-so_dynamic_content_personalizationImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1.2024-02-106.5CVE-2023-51492
audit@patchstack.com
indent-- indent_2.2.13A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash.2024-02-065.5CVE-2024-0911
patrick@puiterwijk.org
patrick@puiterwijk.org
itop -- vpnA vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1195
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL2024-02-065.3CVE-2024-24941
cve@jetbrains.com
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives2024-02-064.3CVE-2024-24940
cve@jetbrains.com
jetbrains -- riderIn JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible2024-02-065.3CVE-2024-24939
cve@jetbrains.com
jetbrains -- teamcityIn JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed2024-02-065.3CVE-2024-24936
cve@jetbrains.com
jetbrains -- teamcityIn JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible2024-02-065.4CVE-2024-24937
cve@jetbrains.com
jetbrains -- teamcityIn JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation2024-02-065.3CVE-2024-24938
cve@jetbrains.com
jetbrains -- teamcityIn JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives2024-02-065.3CVE-2024-24942
cve@jetbrains.com
jetbrains -- toolboxIn JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image2024-02-065.5CVE-2024-24943
cve@jetbrains.com
jgadbois -- calculatorpro_calculatorsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7.2024-02-056.1CVE-2024-24847
audit@patchstack.com
jspxcms -- jspxcmsA vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. Theexploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability.2024-02-035.3CVE-2024-1200
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juanpao -- jpshopA vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.2024-02-066.3CVE-2024-1259
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juanpao -- jpshopA vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999.2024-02-066.3CVE-2024-1260
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juanpao -- jpshopA vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.2024-02-066.3CVE-2024-1261
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juanpao -- jpshopA vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability.2024-02-066.3CVE-2024-1262
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juanpao -- jpshopA vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.2024-02-066.3CVE-2024-1263
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juanpao -- jpshopA vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003.2024-02-076.3CVE-2024-1264
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
leanote -- leanoteLeanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.2024-02-075.5CVE-2024-0849
help@fluidattacks.com
help@fluidattacks.com
leap13 -- premium_addons_for_elementorImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16.2024-02-106.5CVE-2024-24831
audit@patchstack.com
libexpat_project -- libexpatlibexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.2024-02-045.5CVE-2023-52426
cve@mitre.org
cve@mitre.org
cve@mitre.org
liferay -- portal/dxpThe Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.2024-02-076.5CVE-2024-25143
security@liferay.com
liferay -- portal/dxpAccount lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.2024-02-085.4CVE-2023-47798
security@liferay.com
liferay -- portal/dxpLiferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.2024-02-085.3CVE-2024-25146
security@liferay.com
liferay -- portal/dxpIn Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.2024-02-085.4CVE-2024-25148
security@liferay.com
liferay -- portal/dxpThe IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.2024-02-084.1CVE-2024-25144
security@liferay.com
linecorp -- central_dogmaCentral Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.2024-02-026.1CVE-2024-1143
dl_cve@linecorp.com
linksys -- wrt54glA vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-094.3CVE-2024-1404
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
linksys -- wrt54glA vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-104.3CVE-2024-1405
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
linksys -- wrt54glA vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-104.3CVE-2024-1406
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
linux -- kernelA Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.2024-02-046.5CVE-2023-6240
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux -- kernelA flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.2024-02-076.5CVE-2023-6356
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux -- kernelA flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.2024-02-076.5CVE-2023-6535
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux -- kernelA flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.2024-02-076.5CVE-2023-6536
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux -- kernelA race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.2024-02-056.8CVE-2024-24857
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.2024-02-056.3CVE-2024-24861
security@openanolis.org
linux -- kernelA use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.2024-02-085.1CVE-2024-1312
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux -- kernelA race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.2024-02-055.3CVE-2024-24858
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.2024-02-054.7CVE-2024-22386
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.2024-02-054.7CVE-2024-23196
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.2024-02-054.7CVE-2024-24855
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.2024-02-054.8CVE-2024-24859
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.2024-02-054.6CVE-2024-24860
security@openanolis.org
linux -- kernelA race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.2024-02-054.7CVE-2024-24864
security@openanolis.org
lê_văn_toản  -- woocommerce_vietnam_checkoutImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.2024-02-085.9CVE-2024-24885
audit@patchstack.com
m2crypto -- m2cryptoA flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.2024-02-055.9CVE-2023-50781
secalert@redhat.com
secalert@redhat.com
mark_kinchin -- beds24_online_bookingImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23.2024-02-105.9CVE-2024-24717
audit@patchstack.com
mattermost -- mattermostMattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. 2024-02-094.3CVE-2024-1402
responsibledisclosure@mattermost.com
michael_dempfle -- advanced_iframeImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10.2024-02-056.5CVE-2024-24870
audit@patchstack.com
micronaut-projects -- micronaut-coreMicronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.2024-02-095.1CVE-2024-23639
security-advisories@github.com
security-advisories@github.com
mightythemes -- mighty_addonsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS.This issue affects Mighty Addons for Elementor: from n/a through 1.9.3.2024-02-056.1CVE-2024-24846
audit@patchstack.com
miraheze -- managewikiManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.2024-02-096.5CVE-2024-25109
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
miraheze -- wikidiscoverWikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.2024-02-084.9CVE-2024-25107
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
mjssoftware -- sign_upsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups - Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups - Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.2024-02-056.1CVE-2024-24848
audit@patchstack.com
mozilla -- firefoxWhen a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.2024-02-056.1CVE-2024-0953
security@mozilla.org
mpedraza2020 -- intranet_del_monterrosoA vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability.2024-02-045.5CVE-2019-25159
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
mrcms -- mrcmsMRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.2024-02-025.4CVE-2024-24160
cve@mitre.org
munsoft -- easy_archive_recoveryA vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1186
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
munsoft -- easy_outlook_express_recoveryA vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1187
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nagios -- nagios_xiA stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators.2024-02-025.4CVE-2023-51072
cve@mitre.org
nationalkeep -- cybermathImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS.This issue affects CyberMath: from v.1.4 before v.1.5.2024-02-026.1CVE-2023-6673
iletisim@usom.gov.tr
nationalkeep -- cybermathImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS.This issue affects CyberMath: from v1.4 before v1.5.2024-02-025.4CVE-2023-6672
iletisim@usom.gov.tr
navicat -- navicatA vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1193
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netapp -- storagegrid_(formerly_storagegrid_webscale)StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.2024-02-056.5CVE-2023-27318
security-alert@netapp.com
noahkagan -- scroll_triggered_boxImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3.2024-02-055.4CVE-2024-24865
audit@patchstack.com
nonebot -- nonebot2nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template.2024-02-095.7CVE-2024-21624
security-advisories@github.com
security-advisories@github.com
nsasoft -- network_bandwidth_monitorA vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1185
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nsasoft -- network_sleuthA vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1184
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
openbi -- openbiA vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.2024-02-036.3CVE-2024-1198
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.2024-02-026.2CVE-2024-21863
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.2024-02-025.5CVE-2023-43756
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.2024-02-025.5CVE-2023-49118
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.2024-02-025.5CVE-2024-0285
scy@openharmony.io
phpems -- phpemsA vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.2024-02-096.3CVE-2024-1353
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pimcore -- admin_ui_classic_bundlePimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.2024-02-076.5CVE-2024-24822
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
plotly -- dashVersions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.2024-02-025.4CVE-2024-21485
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
pyload -- pyloadpyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.2024-02-064.7CVE-2024-24808
security-advisories@github.com
security-advisories@github.com
python -- cryptographyA flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.2024-02-055.9CVE-2023-50782
secalert@redhat.com
secalert@redhat.com
qnap -- photo_stationA cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later2024-02-025.4CVE-2023-47561
security@qnapsecurity.com.tw
qnap -- qtsAn incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later2024-02-026.5CVE-2023-32967
security@qnapsecurity.com.tw
qnap -- qtsAn unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later2024-02-026.7CVE-2023-50359
security@qnapsecurity.com.tw
qnap -- qtsA NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later2024-02-024.9CVE-2023-41274
security@qnapsecurity.com.tw
qnap -- qtsA path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later2024-02-024.9CVE-2023-45026
security@qnapsecurity.com.tw
qnap -- qtsA path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later2024-02-024.9CVE-2023-45027
security@qnapsecurity.com.tw
qnap -- qtsAn uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later2024-02-024.9CVE-2023-45028
security@qnapsecurity.com.tw
qualcomm -- aqt1000_firmwareTransient DOS in Audio when invoking callback function of ASM driver.2024-02-065.5CVE-2023-33064
product-security@qualcomm.com
qualcomm -- ar8035_firmwareTransient DOS in Core when DDR memory check is called while DDR is not initialized.2024-02-065.5CVE-2023-33060
product-security@qualcomm.com
rapidscada -- rapid_scadaIn Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.2024-02-026.5CVE-2024-22096
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
rapidscada -- rapid_scadaIn Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page.2024-02-025.4CVE-2024-21794
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
rapidscada -- rapid_scadaIn Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.2024-02-025.3CVE-2024-21866
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
rapidscada -- rapid_scadaIn Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.2024-02-025.5CVE-2024-21869
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
rdkcentral -- rdk-bIn da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.2024-02-056.7CVE-2024-20006
security@mediatek.com
realmag777 -- active_products_tables_for_woocommerce_professional_products_tables_for_woocommerce_storeImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6.2024-02-106.5CVE-2023-51480
audit@patchstack.com
realmag777 -- bear_bulk_editor_and_products_manager_professional_for_woocommerce_by_pluginus.netImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.2024-02-085.9CVE-2024-24834
audit@patchstack.com
remyandrade -- testimonial_page_managerA vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.2024-02-026.1CVE-2024-1196
cna@vuldb.com
cna@vuldb.com
rizonesoft -- notepad3A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-025.5CVE-2024-1188
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
samsung -- galaxy_storeImplicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.2024-02-065.5CVE-2024-20822
mobile.security@samsung.com
samsung -- galaxy_storeImplicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.2024-02-065.5CVE-2024-20823
mobile.security@samsung.com
samsung -- galaxy_storeImplicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.2024-02-065.5CVE-2024-20824
mobile.security@samsung.com
samsung -- galaxy_storeImplicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.2024-02-065.5CVE-2024-20825
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.2024-02-066.6CVE-2024-20817
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.2024-02-066.6CVE-2024-20818
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.2024-02-066.6CVE-2024-20819
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.2024-02-065.1CVE-2024-20811
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information.2024-02-064CVE-2024-20814
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read.2024-02-064.4CVE-2024-20820
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.2024-02-064.6CVE-2024-20827
mobile.security@samsung.com
samsung_mobile -- uphelperImplicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.2024-02-065.5CVE-2024-20826
mobile.security@samsung.com
sepidz -- sepidzdigitalmenuA vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-065.3CVE-2024-1255
cna@vuldb.com
cna@vuldb.com
snow_software -- snow_inventory_agentAuthentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.02024-02-086CVE-2023-7169
security@snowsoftware.com
solar-log -- 2000_pm\+_firmwareA vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks.2024-02-025.4CVE-2023-46344
cve@mitre.org
cve@mitre.org
spring_security -- spring_securityThe spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of "CWE-732: Incorrect Permission Assignment for Critical Resource" and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.2024-02-054.1CVE-2023-34042
security@vmware.com
stimulsoft -- dashboardsCross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.2024-02-055.4CVE-2024-24397
cve@mitre.org
cve@mitre.org
cve@mitre.org
suite_crm -- suite_crmSuite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.2024-02-075CVE-2023-6388
help@fluidattacks.com
help@fluidattacks.com
tenable -- nessusA SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.2024-02-076.5CVE-2024-0971
vulnreport@tenable.com
tenable -- nessusA stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.2024-02-074.8CVE-2024-0955
vulnreport@tenable.com
thorsten -- phpmyfaqphpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.2024-02-056.5CVE-2024-22208
security-advisories@github.com
security-advisories@github.com
thorsten -- phpmyfaqphpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.2024-02-056.5CVE-2024-24574
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
thorsten -- phpmyfaqphpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.2024-02-055.7CVE-2024-22202
security-advisories@github.com
security-advisories@github.com
tongda -- oa_2017A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-065.5CVE-2024-1251
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tongda -- oa_2017A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.2024-02-065.5CVE-2024-1252
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ujcms -- jspxcmsA vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.2024-02-066.1CVE-2024-1257
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ujcms -- jspxcmsA vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.2024-02-064.3CVE-2024-1256
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
vercel -- pkgpkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.2024-02-096.6CVE-2024-24828
security-advisories@github.com
security-advisories@github.com
vmware -- aria_operations_for_networksAria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.2024-02-064.8CVE-2024-22238
security@vmware.com
vmware -- aria_operations_for_networksAria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.2024-02-064.9CVE-2024-22240
security@vmware.com
vmware -- aria_operations_for_networksAria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.  2024-02-064.8CVE-2024-22241
security@vmware.com
websoudan -- mw_wp_formImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6.2024-02-106.5CVE-2024-24804
audit@patchstack.com
westermo -- lynxA potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.2024-02-066.6CVE-2023-45213
ics-cert@hq.dhs.gov
westermo -- lynxAn attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.2024-02-065.4CVE-2023-40143
ics-cert@hq.dhs.gov
westermo -- lynxAn attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.2024-02-065.7CVE-2023-40544
ics-cert@hq.dhs.gov
westermo -- lynxAn attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.2024-02-065.4CVE-2023-42765
ics-cert@hq.dhs.gov
westermo -- lynxAn attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.2024-02-065.4CVE-2023-45222
ics-cert@hq.dhs.gov
westermo -- lynxAn attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.2024-02-065.4CVE-2023-45227
ics-cert@hq.dhs.gov
western_digital -- my_cloud_os_5Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. 2024-02-055.5CVE-2023-22817
psirt@wdc.com
western_digital -- my_cloud_os_5An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.2024-02-054.9CVE-2023-22819
psirt@wdc.com
wolfssl -- wolfsslwolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed.2024-02-095.9CVE-2023-6935
facts@wolfssl.com
facts@wolfssl.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy - The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy - The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.2024-02-106.5CVE-2023-51404
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 3.2.2.2024-02-106.5CVE-2023-51415
audit@patchstack.com
wordpress -- wordpressThe Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-086.4CVE-2023-5665
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Meta Box - WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2023-6526
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2023-6982
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe 10Web AI Assistant - AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.2024-02-056.5CVE-2023-6985
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.2024-02-056.4CVE-2023-7029
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-0254
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-076.4CVE-2024-0256
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-0448
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-0508
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'request' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-02-056.1CVE-2024-0509
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.5CVE-2024-0586
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Formidable Forms - Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-056.1CVE-2024-0660
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-02-056.6CVE-2024-0668
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.5CVE-2024-0678
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.2024-02-056.6CVE-2024-0699
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-0834
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-0954
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-0961
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe All-In-One Security (AIOS) - Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-02-076.1CVE-2024-1037
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-056.4CVE-2024-1046
security@wordfence.com
security@wordfence.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1.2024-02-106.5CVE-2024-23516
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin - Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin - Online Booking for WordPress: from n/a through 3.5.10.2024-02-106.5CVE-2024-23517
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.2024-02-106.5CVE-2024-24712
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings - Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings - Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5.2024-02-106.5CVE-2024-24713
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel - WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel - WordPress Owl Carousel Slider: from n/a through 1.4.0.2024-02-106.5CVE-2024-24801
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion - Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion - Companion plugin for WPoperation Themes: from n/a through 1.1.9.2024-02-106.5CVE-2024-24803
audit@patchstack.com
wordpress -- wordpressThe Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts.2024-02-055.3CVE-2023-6557
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2023-6701
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2023-6807
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2023-6808
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2023-6884
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.2024-02-055.3CVE-2023-6963
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Author Box, Guest Author and Co-Authors for Your Posts - Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.2024-02-055.3CVE-2023-7014
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2024-0255
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2024-0382
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2024-0384
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2024-0585
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.2024-02-105.3CVE-2024-0596
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Easy Digital Downloads - Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.5CVE-2024-0659
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.2024-02-055.5CVE-2024-0691
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.2024-02-055.3CVE-2024-0701
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request.2024-02-055.4CVE-2024-0790
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-055.4CVE-2024-0823
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe PDF Flipbook, 3D Flipbook - DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-035.4CVE-2024-0895
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-025.4CVE-2024-0963
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.2024-02-085.3CVE-2024-0965
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.2024-02-055.3CVE-2024-0969
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys.2024-02-025.3CVE-2024-1047
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-075.4CVE-2024-1055
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-02-025.4CVE-2024-1073
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.2024-02-075.3CVE-2024-1079
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.2024-02-075.3CVE-2024-1109
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.2024-02-075.3CVE-2024-1110
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.2024-02-055.3CVE-2024-1121
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.2024-02-095.3CVE-2024-1122
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP Club Manager - WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs2024-02-055.3CVE-2024-1177
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.2024-02-055.3CVE-2024-1208
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.2024-02-055.3CVE-2024-1209
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.2024-02-055.3CVE-2024-1210
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.2024-02-054.3CVE-2023-4637
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe PDF Generator For Fluent Forms - The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.2024-02-054.9CVE-2023-6953
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.2024-02-054.3CVE-2023-6959
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.2024-02-054.3CVE-2023-6983
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Starbox - the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.2024-02-054.3CVE-2024-0366
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.2024-02-054.3CVE-2024-0370
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.2024-02-054.3CVE-2024-0371
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.2024-02-054.3CVE-2024-0372
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-054.3CVE-2024-0373
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-054.3CVE-2024-0374
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.2024-02-054.3CVE-2024-0380
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-084.3CVE-2024-0511
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.2024-02-104.3CVE-2024-0595
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-02-054.4CVE-2024-0597
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Content Views - Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-02-054.4CVE-2024-0612
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-02-054.4CVE-2024-0630
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-02-094.4CVE-2024-0657
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms.2024-02-054.3CVE-2024-0791
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-054.3CVE-2024-0796
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.2024-02-054.3CVE-2024-0797
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.2024-02-054.3CVE-2024-0835
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-054.3CVE-2024-0859
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.2024-02-074.4CVE-2024-0977
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.2024-02-074.3CVE-2024-1078
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.2024-02-054.3CVE-2024-1092
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-024.3CVE-2024-1162
security@wordfence.com
security@wordfence.com
wp_hosting -- pay_with_vipps_and_mobilepay_for_woocommerceImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13.2024-02-106.5CVE-2023-51485
audit@patchstack.com
wpsc-plugin -- structured_contentImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.2024-02-055.4CVE-2024-24839
audit@patchstack.com
xunruicms -- xunruicmsCross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.2024-02-026.1CVE-2024-24388
cve@mitre.org
zabbix -- zabbixThe cause of vulnerability is improper validation of form input field "Name" on Graph page in Items section.2024-02-095.5CVE-2024-22119
security@zabbix.com

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
armcode -- alienipA vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-023.3CVE-2024-1194
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro -- restaurant_pos_systemA vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability.2024-02-073.5CVE-2024-1267
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro -- university_management_systemA vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008.2024-02-072.4CVE-2024-1265
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro -- university_management_systemA vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability.2024-02-072.4CVE-2024-1266
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
concrete_cms -- concrete_cmsConcrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.2024-02-092.4CVE-2024-1245
ff5b8ace-8b95-4078-9743-eac1ca5451de
ff5b8ace-8b95-4078-9743-eac1ca5451de
concrete_cms -- concrete_cmsConcrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user's browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.2024-02-092CVE-2024-1246
ff5b8ace-8b95-4078-9743-eac1ca5451de
ff5b8ace-8b95-4078-9743-eac1ca5451de
concrete_cms -- concrete_cmsConcrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.2024-02-092CVE-2024-1247
ff5b8ace-8b95-4078-9743-eac1ca5451de
ff5b8ace-8b95-4078-9743-eac1ca5451de
grub2 -- grub2A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.2024-02-063.3CVE-2024-1048
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
hcl_software -- hcl_sametimeSametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.  2024-02-093.9CVE-2023-45718
psirt@hcl.com
juanpao -- jpshopA vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.2024-02-063.1CVE-2024-1258
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
mailcow -- mailcow-dockerizedmailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.2024-02-022.7CVE-2024-23824
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
mattermost -- mattermostMattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.2024-02-093.5CVE-2024-23319
responsibledisclosure@mattermost.com
mattermost -- mattermostMattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.2024-02-093.4CVE-2024-24774
responsibledisclosure@mattermost.com
mattermost -- mattermostMattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.2024-02-093.1CVE-2024-24776
responsibledisclosure@mattermost.com
planet-freo -- planet-freoA vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716.2024-02-043.7CVE-2015-10129
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sametime -- sametimeSametime is impacted by sensitive information passed in URL.2024-02-091.7CVE-2023-45716
psirt@hcl.com
samsung_mobile -- samsung_internetImproper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.2024-02-062.4CVE-2024-20828
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImplicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.2024-02-063.3CVE-2024-20810
mobile.security@samsung.com
sourcecodester -- crudA vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability.2024-02-033.5CVE-2024-1215
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- product_management_systemA vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012.2024-02-072.4CVE-2024-1269
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sulu-- suluSulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.2024-02-052.7CVE-2024-24807
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
vyperlang -- vyperVyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.2024-02-053.7CVE-2024-24559
security-advisories@github.com
security-advisories@github.com
vyperlang -- vyperVyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.2024-02-023.7CVE-2024-24560
security-advisories@github.com
wordpress -- wordpressThe WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2024-02-073.8CVE-2024-0628
security@wordfence.com
security@wordfence.com
wordpress -- wordpressThe Minimal Coming Soon - Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.2024-02-053.7CVE-2024-1075
security@wordfence.com
security@wordfence.com
security@wordfence.com

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
akaunting -- akauntingAn OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.2024-02-08not yet calculatedCVE-2024-22836
cve@mitre.org
cve@mitre.org
cve@mitre.org
android -- binhdrm26_ super_rebootThe Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.2024-02-06not yet calculatedCVE-2023-47889
cve@mitre.org
apache_software_foundation -- brpcRequest smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.  Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch:  https://github.com/apache/brpc/pull/25182024-02-08not yet calculatedCVE-2024-23452
security@apache.org
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation -- solrInsufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue:   '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'2024-02-09not yet calculatedCVE-2023-50291
security@apache.org
security@apache.org
apache_software_foundation -- solrIncorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.2024-02-09not yet calculatedCVE-2023-50292
security@apache.org
security@apache.org
apache_software_foundation -- solrExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.2024-02-09not yet calculatedCVE-2023-50298
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation -- solrImproper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.2024-02-09not yet calculatedCVE-2023-50386
security@apache.org
security@apache.org
aprktool -- aprktoolAprktool before 2.9.3 on Windows allows ../ and /.. directory traversal.2024-02-02not yet calculatedCVE-2024-24482
cve@mitre.org
archibus -- app_4.0.3An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.2024-02-02not yet calculatedCVE-2023-48645
cve@mitre.org
arm_ltd -- bifrost_gpu_kernel_driverUse After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn cause a use-after-free. This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.2024-02-05not yet calculatedCVE-2023-5249
arm-security@arm.com
arm_ltd -- bifrost_gpu_kernel_driverOut-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system's memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.2024-02-05not yet calculatedCVE-2023-5643
arm-security@arm.com
artifex -- ghostscriptArtifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).2024-02-04not yet calculatedCVE-2020-36773
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
atmail -- atmailAtmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.2024-02-07not yet calculatedCVE-2024-24133
cve@mitre.org
atos -- unify_openscape_voice_trace_managerAn issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request.2024-02-08not yet calculatedCVE-2023-40262
cve@mitre.org
atos -- unify_openscape_voice_trace_managerAn issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp.2024-02-08not yet calculatedCVE-2023-40263
cve@mitre.org
atos -- unify_openscape_voice_trace_managerAn issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface.2024-02-08not yet calculatedCVE-2023-40264
cve@mitre.org
atos -- unify_openscape_xpressions_webassistantAn issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.2024-02-08not yet calculatedCVE-2023-40265
cve@mitre.org
atos -- unify_openscape_xpressions_webassistantAn issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.2024-02-08not yet calculatedCVE-2023-40266
cve@mitre.org
axigen -- axigenCross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.2024-02-07not yet calculatedCVE-2023-40355
cve@mitre.org
axigen -- axigenWebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.2024-02-08not yet calculatedCVE-2023-49101
cve@mitre.org
axigen -- webmailCross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.2024-02-08not yet calculatedCVE-2023-48974
cve@mitre.org
cve@mitre.org
axiomatic_systems -- bento4Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.2024-02-09not yet calculatedCVE-2024-25451
cve@mitre.org
axiomatic_systems -- bento4Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.2024-02-09not yet calculatedCVE-2024-25452
cve@mitre.org
axiomatic_systems -- bento4Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.2024-02-09not yet calculatedCVE-2024-25453
cve@mitre.org
cve@mitre.org
axiomatic_systems -- bento4Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.2024-02-09not yet calculatedCVE-2024-25454
cve@mitre.org
binance -- trust_walletThe Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe and link them to specific wallet addresses in order to steal funds from those wallets.2024-02-08not yet calculatedCVE-2024-23660
cve@mitre.org
cve@mitre.org
binhdrm26 -- super_rebootAn issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent2024-02-06not yet calculatedCVE-2023-47354
cve@mitre.org
cve@mitre.org
cellinx -- nvt_web_serverAn issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.2024-02-08not yet calculatedCVE-2024-24215
cve@mitre.org
cve@mitre.org
cve@mitre.org
cotonti -- contonti_cmsA stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.2024-02-08not yet calculatedCVE-2024-24115
cve@mitre.org
curl -- curlcurl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.2024-02-03not yet calculatedCVE-2024-0853
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
cybozu_inc -- cybozu_kunai_for_androidCybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.2024-02-06not yet calculatedCVE-2024-23304
vultures@jpcert.or.jp
vultures@jpcert.or.jp
d-link -- dir-816A2An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.2024-02-08not yet calculatedCVE-2024-24321
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
d-link -- go-rt-ac750D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.2024-02-06not yet calculatedCVE-2024-22852
cve@mitre.org
cve@mitre.org
d-link -- go-rt-ac750D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.2024-02-06not yet calculatedCVE-2024-22853
cve@mitre.org
cve@mitre.org
delete-tracker_php -- daily_habit_trackerSQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.2024-02-08not yet calculatedCVE-2024-24495
cve@mitre.org
django -- djangoAn issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.2024-02-06not yet calculatedCVE-2024-24680
cve@mitre.org
cve@mitre.org
cve@mitre.org
dronecode -- PX4PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.2024-02-06not yet calculatedCVE-2024-24254
cve@mitre.org
cve@mitre.org
dronecode -- PX4A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.2024-02-06not yet calculatedCVE-2024-24255
cve@mitre.org
dronetag -- drone_scannerAn issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.2024-02-06not yet calculatedCVE-2024-22520
cve@mitre.org
easyemail -- easyemailCross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.2024-02-09not yet calculatedCVE-2023-39683
cve@mitre.org
cve@mitre.org
cve@mitre.org
easysoft -- zentaoAn arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.2024-02-08not yet calculatedCVE-2024-24202
cve@mitre.org
easysoft -- zentaoZentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.2024-02-08not yet calculatedCVE-2024-24216
cve@mitre.org
cve@mitre.org
egerie -- risk_managerAn issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.2024-02-08not yet calculatedCVE-2023-27001
cve@mitre.org
enlightenment -- imlib2An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.2024-02-09not yet calculatedCVE-2024-25447
cve@mitre.org
cve@mitre.org
enlightenment -- imlib2An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.2024-02-09not yet calculatedCVE-2024-25448
cve@mitre.org
cve@mitre.org
espruino -- espruinoEspruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.2024-02-07not yet calculatedCVE-2024-25200
cve@mitre.org
espruino -- espruinoEspruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.2024-02-07not yet calculatedCVE-2024-25201
cve@mitre.org
eypcnnapps -- quickrebootThe com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation.2024-02-05not yet calculatedCVE-2023-47355
cve@mitre.org
cve@mitre.org
forescout -- secureconnectorInsecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.2024-02-08not yet calculatedCVE-2024-22795
cve@mitre.org
cve@mitre.org
cve@mitre.org
glitched_polygons -- l8w8jwtl8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.2024-02-08not yet calculatedCVE-2024-25190
cve@mitre.org
google -- androidIn TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2024-02-07not yet calculatedCVE-2024-22012
dsap-vuln-management@google.com
google -- chromeThe N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.2024-02-08not yet calculatedCVE-2023-47131
cve@mitre.org
google -- chromeHeap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-02-07not yet calculatedCVE-2024-1283
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google -- chromeUse after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-02-07not yet calculatedCVE-2024-1284
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
gradio-app -- gradio-app_gradioA local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.2024-02-05not yet calculatedCVE-2024-0964
security@huntr.dev
security@huntr.dev
grav_cms -- gravA cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.2024-02-09not yet calculatedCVE-2023-31506
cve@mitre.org
hardy_barth -- cph2_echarge_ladestationAn OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.2024-02-06not yet calculatedCVE-2023-46359
cve@mitre.org
cve@mitre.org
hardy_barth -- cph2_echarge_ladestationHardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.2024-02-06not yet calculatedCVE-2023-46360
cve@mitre.org
cve@mitre.org
hipresta -- hiprestaSQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.2024-02-07not yet calculatedCVE-2024-24303
cve@mitre.org
huaxiaerp -- jsherpjshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.2024-02-06not yet calculatedCVE-2024-24000
cve@mitre.org
cve@mitre.org
hugin -- huginAn issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.2024-02-09not yet calculatedCVE-2024-25442
cve@mitre.org
hugin -- huginAn issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.2024-02-09not yet calculatedCVE-2024-25443
cve@mitre.org
hugin -- huginImproper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.2024-02-09not yet calculatedCVE-2024-25445
cve@mitre.org
hugin -- huginAn issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.2024-02-09not yet calculatedCVE-2024-25446
cve@mitre.org
imlib2 -- imlib2imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().2024-02-09not yet calculatedCVE-2024-25450
cve@mitre.org
cve@mitre.org
imou -- imou_goAn issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files.2024-02-06not yet calculatedCVE-2023-47353
cve@mitre.org
cve@mitre.org
innovadeluxe -- innovadeluxeSQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.2024-02-09not yet calculatedCVE-2023-46350
cve@mitre.org
intelbras -- roteador_action_rf_1200Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass.2024-02-06not yet calculatedCVE-2024-22773
cve@mitre.org
cve@mitre.org
ispyconnect.com -- agent_dvrAn issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.2024-02-06not yet calculatedCVE-2024-22514
cve@mitre.org
ispyconnect.com -- agent_dvrUnrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.2024-02-06not yet calculatedCVE-2024-22515
cve@mitre.org
it_edge_soft -- cineam_seat_reservation_systemCode-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."2024-02-09not yet calculatedCVE-2024-25307
cve@mitre.org
it_edge_soft -- hotel_management_systemCode-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.2024-02-09not yet calculatedCVE-2024-25314
cve@mitre.org
it_edge_soft -- hotel_management_systemCode-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.2024-02-09not yet calculatedCVE-2024-25315
cve@mitre.org
it_edge_soft -- hotel_management_systemCode-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.2024-02-09not yet calculatedCVE-2024-25316
cve@mitre.org
it_edge_soft -- hotel_management_systemCode-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.2024-02-09not yet calculatedCVE-2024-25318
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."2024-02-09not yet calculatedCVE-2024-25304
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.2024-02-09not yet calculatedCVE-2024-25305
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".2024-02-09not yet calculatedCVE-2024-25306
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.2024-02-09not yet calculatedCVE-2024-25308
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.2024-02-09not yet calculatedCVE-2024-25309
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."2024-02-09not yet calculatedCVE-2024-25310
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."2024-02-09not yet calculatedCVE-2024-25312
cve@mitre.org
it_edge_soft -- simple_school_management_systemCode-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.2024-02-09not yet calculatedCVE-2024-25313
cve@mitre.org
kitty -- kittyKiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.2024-02-09not yet calculatedCVE-2024-23749
cve@mitre.org
cve@mitre.org
kitty -- kittyKiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.2024-02-09not yet calculatedCVE-2024-25003
cve@mitre.org
cve@mitre.org
kitty -- kittyKiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.2024-02-09not yet calculatedCVE-2024-25004
cve@mitre.org
cve@mitre.org
libjwt -- libjwtlibjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.2024-02-08not yet calculatedCVE-2024-25189
cve@mitre.org
libxml2 -- libxml2An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.2024-02-04not yet calculatedCVE-2024-25062
cve@mitre.org
cve@mitre.org
linea_grafica -- linea_graficaPath Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.2024-02-07not yet calculatedCVE-2024-24311
cve@mitre.org
linux-pam -- linux-pamlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.2024-02-06not yet calculatedCVE-2024-22365
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
litespeed -- litespeed_quick_(lsquic)In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.2024-02-09not yet calculatedCVE-2024-25678
cve@mitre.org
cve@mitre.org
cve@mitre.org
logpoint -- siemThe Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.2024-02-03not yet calculatedCVE-2023-49950
cve@mitre.org
cve@mitre.org
ltos-web-interface -- meinberg_lantime_firmwareAn issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.2024-02-04not yet calculatedCVE-2021-46902
cve@mitre.org
ltos-web-interface -- meinberg_lantime_firmwareAn issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).2024-02-04not yet calculatedCVE-2021-46903
cve@mitre.org
magic_software_enterprises -- magic_xpiThe XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.2024-02-06not yet calculatedCVE-2023-52239
cve@mitre.org
cve@mitre.org
mail2world -- business_control_centerMail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp.2024-02-07not yet calculatedCVE-2024-24130
cve@mitre.org
malwarebytes_binisoft_windows_firewall_control -- malwarebytes_binisoft_windows_firewall_controlmMalwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.2024-02-04not yet calculatedCVE-2024-25089
cve@mitre.org
cve@mitre.org
min -- minIn Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.2024-02-09not yet calculatedCVE-2024-25677
cve@mitre.org
mingsoft -- mcmsFile Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.2024-02-05not yet calculatedCVE-2024-22567
cve@mitre.org
misp -- mispAn issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type.2024-02-09not yet calculatedCVE-2024-25674
cve@mitre.org
cve@mitre.org
misp -- mispAn issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.2024-02-09not yet calculatedCVE-2024-25675
cve@mitre.org
cve@mitre.org
n-able -- n-centralAn issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.2024-02-08not yet calculatedCVE-2023-47132
cve@mitre.org
ncr_atleos -- terminal_handlerMultiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.2024-02-08not yet calculatedCVE-2023-47020
cve@mitre.org
cve@mitre.org
ncr_atleos -- terminal_handlerInsecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.2024-02-06not yet calculatedCVE-2023-47022
cve@mitre.org
npm -- ip_packageAn issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.2024-02-08not yet calculatedCVE-2023-42282
cve@mitre.org
oaooa -- pichomeFile Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.2024-02-08not yet calculatedCVE-2024-24393
cve@mitre.org
octane877 -- employee_management_systemSQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components.2024-02-08not yet calculatedCVE-2024-24497
cve@mitre.org
octane877 -- employee_management_systemUnrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.2024-02-08not yet calculatedCVE-2024-24498
cve@mitre.org
octane877 -- employee_management_systemSQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component.2024-02-08not yet calculatedCVE-2024-24499
cve@mitre.org
october -- october_cmsCross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp32024-02-08not yet calculatedCVE-2023-25365
cve@mitre.org
opoendroneid -- opendroneid_osmAn issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.2024-02-06not yet calculatedCVE-2024-22519
cve@mitre.org
p-quic -- pquicIn PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.2024-02-09not yet calculatedCVE-2024-25679
cve@mitre.org
cve@mitre.org
cve@mitre.org
paessler -- prtg_network_monitorPaessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-21182.2024-02-08not yet calculatedCVE-2023-51630
zdi-disclosures@trendmicro.com
php-jwt -- php-jwtphp-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.2024-02-08not yet calculatedCVE-2024-25191
cve@mitre.org
plone -- ploneAn issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).2024-02-05not yet calculatedCVE-2024-23054
cve@mitre.org
cve@mitre.org
cve@mitre.org
plone -- ploneThe HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.2024-02-08not yet calculatedCVE-2024-23756
cve@mitre.org
presta_monster -- hsmultiaccessoriesproSQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().2024-02-09not yet calculatedCVE-2023-50026
cve@mitre.org
prestashop -- boostmyshopSQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.2024-02-09not yet calculatedCVE-2024-24308
cve@mitre.org
prestashop -- mailjetIn the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction.2024-02-07not yet calculatedCVE-2024-24304
cve@mitre.org
cve@mitre.org
prestashop -- op'art_easy_redirectPrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().2024-02-08not yet calculatedCVE-2023-50061
cve@mitre.org
cve@mitre.org
prestashop -- rm_bookingcalendarSQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.2024-02-07not yet calculatedCVE-2023-46914
cve@mitre.org
purslane_ltd -- rustdeskA default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.2024-02-06not yet calculatedCVE-2024-25140
cve@mitre.org
cve@mitre.org
cve@mitre.org
remyandrade -- daily_habit_trackerCross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.2024-02-08not yet calculatedCVE-2024-24494
cve@mitre.org
remyandrade -- daily_habit_trackerAn issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.2024-02-08not yet calculatedCVE-2024-24496
cve@mitre.org
reprise -- license_management_softwareIncorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account.2024-02-03not yet calculatedCVE-2023-43183
cve@mitre.org
cve@mitre.org
reprise -- license_management_softwareIncorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.2024-02-03not yet calculatedCVE-2023-44031
cve@mitre.org
cve@mitre.org
schuhfried -- schuhfriedAn issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.2024-02-07not yet calculatedCVE-2023-38995
cve@mitre.org
setor_informatica -- s_i_lSetor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.2024-02-08not yet calculatedCVE-2024-24034
cve@mitre.org
sharp_nec_display_solutions_ltd -- mutiple_productsSharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.2024-02-05not yet calculatedCVE-2023-7077
psirt-info@cyber.jp.nec.com
shenzen_tenda_technology -- cp3v2An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.2024-02-07not yet calculatedCVE-2024-24488
cve@mitre.org
sofware_publico -- e-sic_livreFile Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.2024-02-08not yet calculatedCVE-2024-24350
cve@mitre.org
cve@mitre.org
sonicwall -- sonicosAn improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.2024-02-08not yet calculatedCVE-2024-22394
PSIRT@sonicwall.com
sourcecodester -- event_student_attendance_systemSourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.2024-02-09not yet calculatedCVE-2024-25302
cve@mitre.org
stimulsoft -- stimulsoft_dashboardCross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.2024-02-05not yet calculatedCVE-2024-24396
cve@mitre.org
cve@mitre.org
cve@mitre.org
stimulsoft -- stimulsoft_dashboardDirectory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.2024-02-06not yet calculatedCVE-2024-24398
cve@mitre.org
cve@mitre.org
cve@mitre.org
stock_management_system -- stock_management_systemSQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.2024-02-05not yet calculatedCVE-2023-51951
cve@mitre.org
supabase -- databaseSupabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.2024-02-08not yet calculatedCVE-2024-24213
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
superwebmailer -- superwebmailerSuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.2024-02-07not yet calculatedCVE-2024-24131
cve@mitre.org
symphony -- symphonyAn issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.2024-02-05not yet calculatedCVE-2024-23049
cve@mitre.org
tenda -- ac9Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.2024-02-05not yet calculatedCVE-2024-24543
cve@mitre.org
veeam -- recovery_orchestratorVulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.2024-02-07not yet calculatedCVE-2024-22021
support@hackerone.com
veeam -- recovery_orchestratorVulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.2024-02-07not yet calculatedCVE-2024-22022
support@hackerone.com
vim -- vimVim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.2024-02-05not yet calculatedCVE-2024-22667
cve@mitre.org
cve@mitre.org
withsecure -- withsecure_client_securityCertain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later.2024-02-08not yet calculatedCVE-2024-23764
cve@mitre.org
cve@mitre.org
xmall - xmallxmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.2024-02-06not yet calculatedCVE-2024-24112
cve@mitre.org
xuxueli -- xxl-jobxxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.2024-02-08not yet calculatedCVE-2024-24113
cve@mitre.org
yealink -- yealink_meeting_serverYealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.2024-02-08not yet calculatedCVE-2024-24091
cve@mitre.org
yzmcms -- yzmcmsAn issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.2024-02-06not yet calculatedCVE-2024-24291
cve@mitre.org

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.