Vulnerability Summary for the Week of February 5, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
allegro_ai -- clearml | Lack of authentication in all versions of the fileserver component of Allegro AI's ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. | 2024-02-06 | 9.8 | CVE-2024-24592 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI's ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks. | 2024-02-06 | 9.6 | CVE-2024-24593 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI's ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI. | 2024-02-06 | 9.9 | CVE-2024-24594 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI's ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user's system when interacted with. | 2024-02-06 | 8 | CVE-2024-24590 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | A path traversal vulnerability in version 1.4.0 or newer of Allegro AI's ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user's system when interacted with. | 2024-02-06 | 8 | CVE-2024-24591 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
ampps -- ampps | A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written. | 2024-02-02 | 7.5 | CVE-2024-1189 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
angular -- angular | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | 2024-02-10 | 7.5 | CVE-2024-21490 report@snyk.io report@snyk.io |
apache_software_foundation -- pulsar | Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ . | 2024-02-07 | 7.4 | CVE-2023-51437 security@apache.org security@apache.org |
apache_software_foundation -- sling_servlets_resolver | Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | 2024-02-06 | 8.5 | CVE-2024-23673 security@apache.org security@apache.org |
apachefriends -- xampp | A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | 2024-02-02 | 9.8 | CVE-2024-0338 cve-coordination@incibe.es |
artifex -- mupdf | mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. | 2024-02-05 | 7.5 | CVE-2024-24258 cve@mitre.org |
artifex -- mupdf | mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. | 2024-02-05 | 7.5 | CVE-2024-24259 cve@mitre.org |
automattic_inc -- crowdsignal_dashboard_polls,_surveys_&_more | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.0.11. | 2024-02-10 | 7.1 | CVE-2023-51488 audit@patchstack.com |
b&r_industrial_automation -- automation_runtime | Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules). The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. This issue affects Automation Runtime: from 14.0 before 14.93. | 2024-02-05 | 9.8 | CVE-2024-0323 cybersecurity@ch.abb.com |
b&r_industrial_automation -- automation_studio | Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | 2024-02-02 | 8.8 | CVE-2020-24681 cybersecurity@ch.abb.com |
b&r_industrial_automation -- automation_studio | Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges. This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | 2024-02-02 | 7.8 | CVE-2020-24682 cybersecurity@ch.abb.com |
b&r_industrial_automation -- automation_studio | Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 7.5 | CVE-2021-22281 cybersecurity@ch.abb.com |
b&r_industrial_automation -- automation_studio | Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 7.8 | CVE-2021-22282 cybersecurity@ch.abb.com |
biteship -- biteship_plugin_ongkos_kirim_kurir_instant_reguler_kargo | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. | 2024-02-05 | 7.1 | CVE-2024-24866 audit@patchstack.com |
blurams -- lumi_security_camera_a31c_firmware | An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 2024-02-02 | 9.8 | CVE-2023-50488 cve@mitre.org cve@mitre.org |
canon_inc -- satera_lbp670c_series | Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6231 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6232 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6233 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6234 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_mf750c_series | Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2024-0244 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6229 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6230 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
chendotjs -- lotos_webserver | Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c. | 2024-02-05 | 7.5 | CVE-2024-24263 cve@mitre.org |
cisco -- cisco_secure_endpoint | A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. | 2024-02-07 | 7.5 | CVE-2024-20290 ykramarz@cisco.com |
cisco -- cisco_telepresence_video_communication_server_(vcs)_expressway | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. | 2024-02-07 | 8.2 | CVE-2024-20255 ykramarz@cisco.com |
cisco -- multiple_products | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2024-02-07 | 9.6 | CVE-2024-20252 ykramarz@cisco.com |
cisco -- multiple_products | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2024-02-07 | 9.6 | CVE-2024-20254 ykramarz@cisco.com |
composer -- composer | Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by running `rm vendor/composer/installed.php vendor/composer/InstalledVersions.php` followed by `composer install --no-scripts --no-plugins`. | 2024-02-09 | 8.8 | CVE-2024-24821 security-advisories@github.com security-advisories@github.com |
cpio -- cpio | A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system. | 2024-02-05 | 8.8 | CVE-2023-7216 secalert@redhat.com secalert@redhat.com |
crafty_controller -- crafty_controller | A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header. | 2024-02-03 | 7.5 | CVE-2024-1064 cve@gitlab.com |
degamisu -- open-irs | open-irs is an issue response robot that responds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets. | 2024-02-02 | 9.8 | CVE-2024-24757 security-advisories@github.com |
dell -- bsafe_crypto-c-micro-edition | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 2024-02-02 | 9.8 | CVE-2020-29504 security_alert@emc.com |
dell -- bsafe_micro-edition-suite | Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 2024-02-02 | 9.8 | CVE-2021-21575 security_alert@emc.com |
dell -- bsafe_ssl-j | Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-02 | 9.8 | CVE-2022-34381 security_alert@emc.com |
dell -- data_protection_search | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. | 2024-02-06 | 8.8 | CVE-2024-22433 security_alert@emc.com |
dell -- dell_display_manager | Dell Display Manager application, version 2.1.1.17, contains a vulnerability whereby a low privilege user can execute malicious code during installation and uninstallation. | 2024-02-06 | 7.3 | CVE-2023-32451 security_alert@emc.com |
dell -- dell_power_manager_(dpm) | Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. | 2024-02-06 | 7.8 | CVE-2023-25543 security_alert@emc.com |
diracgrid -- dirac | DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 9.1 | CVE-2024-24825 security-advisories@github.com security-advisories@github.com |
emerson -- rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 2024-02-09 | 8.3 | CVE-2023-51761 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
emerson_rosemount -- multiple products | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-46687 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 8.6 | CVE-2024-23324 security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23322 security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn't supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23325 security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23327 security-advisories@github.com security-advisories@github.com |
flusity -- flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | 2024-02-05 | 8.8 | CVE-2024-24468 cve@mitre.org |
flusity -- flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post.php. | 2024-02-05 | 8.8 | CVE-2024-24469 cve@mitre.org |
flusity -- flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | 2024-02-02 | 8.8 | CVE-2024-24470 cve@mitre.org |
flusity -- flusity | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | 2024-02-02 | 8.8 | CVE-2024-24524 cve@mitre.org |
fortinet -- fortios/fortiproxy | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests. | 2024-02-09 | 9.8 | CVE-2024-21762 psirt@fortinet.com |
fortinet -- fortisiem | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 2024-02-05 | 9.8 | CVE-2024-23108 psirt@fortinet.com |
fortinet -- fortisiem | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 2024-02-05 | 9.8 | CVE-2024-23109 psirt@fortinet.com |
google -- android | In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | 2024-02-05 | 9.8 | CVE-2024-20011 security@mediatek.com |
google -- android | In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150. | 2024-02-05 | 8.8 | CVE-2024-20009 security@mediatek.com |
google -- android | In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | 2024-02-05 | 7.5 | CVE-2024-20007 security@mediatek.com |
google -- android | In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419. | 2024-02-05 | 7.8 | CVE-2024-20015 security@mediatek.com |
gpac -- gpac | gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function. | 2024-02-05 | 7.5 | CVE-2024-24265 cve@mitre.org |
gpac -- gpac | gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. | 2024-02-05 | 7.5 | CVE-2024-24266 cve@mitre.org |
gpac -- gpac | gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. | 2024-02-05 | 7.5 | CVE-2024-24267 cve@mitre.org |
graphviz -- graphviz | Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | 2024-02-02 | 7.8 | CVE-2023-46045 cve@mitre.org cve@mitre.org cve@mitre.org |
graylog2 -- graylog2_server | Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue. | 2024-02-07 | 8.8 | CVE-2024-24824 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
gttb -- gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value. | 2024-02-02 | 9.8 | CVE-2024-22108 cve@mitre.org cve@mitre.org |
gttb -- gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform. | 2024-02-02 | 7.2 | CVE-2024-22107 cve@mitre.org cve@mitre.org |
hashicorp -- boundary | Boundary and Boundary Enterprise ("Boundary") is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. | 2024-02-05 | 8 | CVE-2024-1052 security@hashicorp.com |
hashicorp -- nomad | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. | 2024-02-08 | 7.7 | CVE-2024-1329 security@hashicorp.com |
ibm -- cloud_pak_system | IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | 2024-02-02 | 7.5 | CVE-2023-38273 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | 2024-02-09 | 7.5 | CVE-2023-45191 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | 2024-02-02 | 9.8 | CVE-2023-32333 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | 2024-02-02 | 9.8 | CVE-2024-22319 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. | 2024-02-02 | 8.8 | CVE-2024-22320 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130. | 2024-02-02 | 9.8 | CVE-2023-50940 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | 2024-02-02 | 8.8 | CVE-2023-50936 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | 2024-02-02 | 7.5 | CVE-2023-50326 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | 2024-02-02 | 7.5 | CVE-2023-50937 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | 2024-02-02 | 7.5 | CVE-2023-50939 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_access_manager_container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | 2024-02-07 | 7.5 | CVE-2023-38369 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254957. | 2024-02-07 | 9.8 | CVE-2023-32328 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | 2024-02-07 | 9.8 | CVE-2023-32330 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | 2024-02-07 | 7.2 | CVE-2023-43017 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. | 2024-02-03 | 9 | CVE-2023-31004 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. | 2024-02-03 | 7.5 | CVE-2023-30999 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | 2024-02-03 | 7.8 | CVE-2023-31005 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776. | 2024-02-03 | 7.5 | CVE-2023-31006 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. | 2024-02-03 | 7.1 | CVE-2023-32327 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | 2024-02-03 | 7.3 | CVE-2023-43016 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. | 2024-02-02 | 8.8 | CVE-2023-38263 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- spectrum_protect_plus | IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | 2024-02-02 | 7.5 | CVE-2023-47148 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_defender_ -- resiliency_service | IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | 2024-02-10 | 8 | CVE-2023-50957 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270. | 2024-02-02 | 9.8 | CVE-2023-47143 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | 2024-02-02 | 8.8 | CVE-2023-47142 psirt@us.ibm.com psirt@us.ibm.com |
icinga -- icingaweb2_module_director | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. None of Icinga Director's configuration forms used to manipulate the monitoring environment is protected against cross-site request forgery (CSRF). This enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | 2024-02-09 | 8.3 | CVE-2024-24820 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ireader -- media-server | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c. | 2024-02-05 | 7.5 | CVE-2024-24260 cve@mitre.org |
ireader -- media-server | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | 2024-02-05 | 7.5 | CVE-2024-24262 cve@mitre.org |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.3, an authentication bypass leading to RCE was possible. | 2024-02-06 | 9.8 | CVE-2024-23917 cve@jetbrains.com |
jfinalcms_project -- jfinalcms | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | 2024-02-02 | 9.8 | CVE-2024-24029 cve@mitre.org |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP, which allows an attacker to construct a malicious payload to bypass jshERP's protection mechanism. | 2024-02-07 | 9.8 | CVE-2024-24001 cve@mitre.org cve@mitre.org |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | 2024-02-07 | 9.8 | CVE-2024-24002 cve@mitre.org cve@mitre.org |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | 2024-02-08 | 9.8 | CVE-2024-24003 cve@mitre.org cve@mitre.org |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | 2024-02-07 | 9.8 | CVE-2024-24004 cve@mitre.org cve@mitre.org |
jsish -- jsish | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | 2024-02-07 | 9.8 | CVE-2024-24186 cve@mitre.org |
jsish -- jsish | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | 2024-02-07 | 9.8 | CVE-2024-24188 cve@mitre.org |
jsish -- jsish | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | 2024-02-07 | 9.8 | CVE-2024-24189 cve@mitre.org |
kddi -- home_spot_cube_2_firmware | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. | 2024-02-02 | 9.8 | CVE-2024-23978 vultures@jpcert.or.jp vultures@jpcert.or.jp |
kddi -- home_spot_cube_2_firmware | Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | 2024-02-02 | 7.5 | CVE-2024-21780 vultures@jpcert.or.jp vultures@jpcert.or.jp |
kihron -- serverrpexposer | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | 2024-02-02 | 9.8 | CVE-2024-22779 cve@mitre.org cve@mitre.org cve@mitre.org |
ledgersmb -- ledgersmb | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | 2024-02-02 | 7.5 | CVE-2024-23831 security-advisories@github.com security-advisories@github.com |
libexpat_project -- libexpat | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 2024-02-04 | 7.5 | CVE-2023-52425 cve@mitre.org |
libgit2 -- libgit2 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. | 2024-02-06 | 8.6 | CVE-2024-24577 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
libgit2 -- libgit2 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2. | 2024-02-06 | 7.5 | CVE-2024-24575 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
libuv -- libuv | libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-07 | 7.3 | CVE-2024-24806 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
liferay -- portal/dxp | Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application. | 2024-02-07 | 9.6 | CVE-2024-25145 security@liferay.com |
liveconfig -- liveconfig | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | 2024-02-02 | 7.5 | CVE-2024-22851 cve@mitre.org |
magic_hills_pty_ltd -- wonder_slider_lite | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9. | 2024-02-08 | 7.1 | CVE-2024-24877 audit@patchstack.com |
mailcow -- mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`. | 2024-02-02 | 7.3 | CVE-2024-24760 security-advisories@github.com security-advisories@github.com |
mate_desktop -- engrampa | Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa archive manager follows symlinks: cpio by default follows stored symlinks while extracting, and the archiver does not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | 2024-02-05 | 8.2 | CVE-2023-52138 security-advisories@github.com security-advisories@github.com |
mediatek -- nr15 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). | 2024-02-05 | 7.5 | CVE-2024-20003 security@mediatek.com |
mediatek -- nr15 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). | 2024-02-05 | 7.5 | CVE-2024-20004 security@mediatek.com |
meshcentral -- meshcentral | Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 2024-02-02 | 7.5 | CVE-2023-51838 cve@mitre.org cve@mitre.org cve@mitre.org |
mia_technology_inc. -- mia-med | Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6517 iletisim@usom.gov.tr |
mia_technology_inc. -- mia-med | Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6518 iletisim@usom.gov.tr |
mia_technology_inc. -- mia-med | Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6519 iletisim@usom.gov.tr |
mia_technology_inc -- mia-med | Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 8.8 | CVE-2023-6515 iletisim@usom.gov.tr |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-02-02 | 8.3 | CVE-2024-21399 secure@microsoft.com |
miro -- miro | Miro Desktop 0.8.18 on macOS allows Electron code injection. | 2024-02-02 | 9.8 | CVE-2024-23746 cve@mitre.org cve@mitre.org cve@mitre.org |
mrcms -- mrcms | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | 2024-02-02 | 7.5 | CVE-2024-24161 cve@mitre.org |
nationalkeep -- cybermath | Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 9.8 | CVE-2023-6675 iletisim@usom.gov.tr |
nationalkeep -- cybermath | Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 8.8 | CVE-2023-6676 iletisim@usom.gov.tr |
oduyo -- financial_technology_online_collection | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 2024-02-09 | 9.8 | CVE-2023-6677 iletisim@usom.gov.tr |
open_formulieren -- open_forms | Open Forms allows users to create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was successfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking. | 2024-02-07 | 7.7 | CVE-2024-24771 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
openharmony -- openharmony | OpenHarmony v3.2.4 and prior versions allow an adjacent attacker to achieve arbitrary code execution through an out-of-bounds write. | 2024-02-02 | 8.8 | CVE-2023-45734 scy@openharmony.io |
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow an adjacent attacker to achieve arbitrary code execution in any apps through a use after free. | 2024-02-02 | 8.8 | CVE-2024-21860 scy@openharmony.io |
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through an integer overflow. | 2024-02-02 | 7.8 | CVE-2024-21845 scy@openharmony.io |
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through an integer overflow. | 2024-02-02 | 7.8 | CVE-2024-21851 scy@openharmony.io |
openobserve -- openobserve | OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-08 | 9.9 | CVE-2024-24830 security-advisories@github.com |
openobserve -- openobserve | OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including "Admins" and "Root" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by "Admins" or "Root" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. | 2024-02-08 | 9.1 | CVE-2024-25106 security-advisories@github.com |
panterasoft -- hdd_health | Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-1201 cve-coordination@incibe.es |
ping_identity -- pingfederate | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. | 2024-02-06 | 8.8 | CVE-2023-40545 responsible-disclosure@pingidentity.com responsible-disclosure@pingidentity.com responsible-disclosure@pingidentity.com |
postgresql -- postgresql | Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability. | 2024-02-08 | 8 | CVE-2024-0985 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 |
pt_woo_plugins_(by_webdados) -- portugal_ctt_tracking_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1. | 2024-02-08 | 7.1 | CVE-2024-24878 audit@patchstack.com |
qibosoft -- qibocms_x1 | A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-05 | 7.3 | CVE-2024-1225 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
qnap -- photo_station | An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | 2024-02-02 | 8.8 | CVE-2023-47562 security@qnapsecurity.com.tw |
qnap -- qsync_central | An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later | 2024-02-02 | 8.1 | CVE-2023-47564 security@qnapsecurity.com.tw |
qnap -- qts | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 9.8 | CVE-2023-39303 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 9.8 | CVE-2023-45025 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 8.8 | CVE-2023-39297 security@qnapsecurity.com.tw |
qnap -- qts | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 8.8 | CVE-2023-47568 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-39302 security@qnapsecurity.com.tw |
qnap -- qts | A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41273 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41275 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41276 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41277 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41278 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41279 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41280 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41281 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41282 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41283 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41292 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-45035 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-45036 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-45037 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-47566 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-47567 security@qnapsecurity.com.tw |
qolsys_inc -- iq_panel_4 | Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 2024-02-08 | 7.3 | CVE-2024-0242 productsecurity@jci.com productsecurity@jci.com |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. | 2024-02-06 | 7.5 | CVE-2023-33049 product-security@qualcomm.com |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in Multi-Mode Call Processor while processing UE policy container. | 2024-02-06 | 7.5 | CVE-2023-33057 product-security@qualcomm.com |
qualcomm -- 315_5g_iot_modem_firmware | Memory corruption in Core while processing control functions. | 2024-02-06 | 7.8 | CVE-2023-33072 product-security@qualcomm.com |
qualcomm -- 315_5g_iot_modem_firmware | Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 2024-02-06 | 7.8 | CVE-2023-43513 product-security@qualcomm.com |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 2024-02-06 | 7.5 | CVE-2023-43533 product-security@qualcomm.com |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS while parsing fils IE with length equal to 1. | 2024-02-06 | 7.5 | CVE-2023-43536 product-security@qualcomm.com |
qualcomm -- 9206_lte_modem_firmware | Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. | 2024-02-06 | 7.8 | CVE-2023-33067 product-security@qualcomm.com |
qualcomm -- 9206_lte_modem_firmware | Memory corruption in Audio while processing IIR config data from AFE calibration block. | 2024-02-06 | 7.8 | CVE-2023-33068 product-security@qualcomm.com |
qualcomm -- 9206_lte_modem_firmware | Memory corruption in Audio while processing the calibration data returned from ACDB loader. | 2024-02-06 | 7.8 | CVE-2023-33069 product-security@qualcomm.com |
qualcomm -- aqt1000_firmware | Memory corruption in video while parsing invalid mp2 clip. | 2024-02-06 | 9.8 | CVE-2023-43518 product-security@qualcomm.com |
qualcomm -- aqt1000_firmware | Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | 2024-02-06 | 9.8 | CVE-2023-43519 product-security@qualcomm.com |
qualcomm -- aqt1000_firmware | Information disclosure in Audio while accessing AVCS services from ADSP payload. | 2024-02-06 | 7.1 | CVE-2023-33065 product-security@qualcomm.com |
qualcomm -- aqt1000_firmware | Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | 2024-02-06 | 7.8 | CVE-2023-33076 product-security@qualcomm.com |
qualcomm -- aqt1000_firmware | Memory corruption in HLOS while converting from authorization token to HIDL vector. | 2024-02-06 | 7.8 | CVE-2023-33077 product-security@qualcomm.com |
qualcomm -- aqt1000_firmware | Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 2024-02-06 | 7.5 | CVE-2023-43522 product-security@qualcomm.com |
qualcomm -- ar8035_firmware | Information disclosure in Modem while processing SIB5. | 2024-02-06 | 9.1 | CVE-2023-33058 product-security@qualcomm.com |
qualcomm -- ar8035_firmware | Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. | 2024-02-06 | 9.8 | CVE-2023-43520 product-security@qualcomm.com |
qualcomm -- ar8035_firmware | Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. | 2024-02-06 | 9.8 | CVE-2023-43534 product-security@qualcomm.com |
qualcomm -- ar8035_firmware | Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | 2024-02-06 | 7 | CVE-2023-33046 product-security@qualcomm.com |
qualcomm -- ar8035_firmware | Transient DOS while processing 11AZ RTT management action frame received through OTA. | 2024-02-06 | 7.5 | CVE-2023-43523 product-security@qualcomm.com |
qualcomm -- fastconnect_6700_firmware | Memory corruption while reading ACPI config through the user mode app. | 2024-02-06 | 7.8 | CVE-2023-43532 product-security@qualcomm.com |
qualcomm -- fastconnect_6700_firmware | Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger. | 2024-02-06 | 7.8 | CVE-2023-43535 product-security@qualcomm.com |
qualcomm -- fastconnect_6900_firmware | Memory corruption when malformed message payload is received from firmware. | 2024-02-06 | 7.8 | CVE-2023-43516 product-security@qualcomm.com |
qualcomm -- qam8255p_firmware | Memory corruption in Automotive Multimedia due to improper access control in HAB. | 2024-02-06 | 7.8 | CVE-2023-43517 product-security@qualcomm.com |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | 2024-02-02 | 9.8 | CVE-2024-21764 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-22016 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
remyandrade -- testimonial_page_manager | A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695. | 2024-02-02 | 9.8 | CVE-2024-1197 cna@vuldb.com cna@vuldb.com |
samsung -- magician_pc_software | Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | 2024-02-07 | 7.3 | CVE-2024-23769 cve@mitre.org |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | 2024-02-06 | 8.4 | CVE-2024-20812 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | 2024-02-06 | 8.4 | CVE-2024-20813 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to the victim's mobile hotspot without user awareness. | 2024-02-06 | 8 | CVE-2024-20815 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to the victim's mobile hotspot without user awareness. | 2024-02-06 | 8 | CVE-2024-20816 mobile.security@samsung.com |
silabs -- gecko_software_development_kit | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution. | 2024-02-02 | 7.5 | CVE-2023-6387 product-security@silabs.com product-security@silabs.com |
silabs -- gecko_software_development_kit | Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number. | 2024-02-05 | 7.5 | CVE-2023-6874 product-security@silabs.com product-security@silabs.com |
snow_software -- inventory_agent | Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | 2024-02-08 | 7.8 | CVE-2024-1149 security@snowsoftware.com |
snow_software -- inventory_agent | Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1. | 2024-02-08 | 7.8 | CVE-2024-1150 security@snowsoftware.com |
software_engineering_consultancy_machine_equipment_limited_company -- hearing_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | 2024-02-09 | 8.8 | CVE-2023-6724 iletisim@usom.gov.tr |
softwarefx -- chart_fx | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | 2024-02-02 | 7.5 | CVE-2023-39611 cve@mitre.org |
solarwinds -- solarwinds_platform | SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | 2024-02-06 | 8 | CVE-2023-50395 psirt@solarwinds.com psirt@solarwinds.com |
solarwinds -- solarwinds_platform | SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | 2024-02-06 | 8 | CVE-2023-35188 psirt@solarwinds.com psirt@solarwinds.com |
tiangolo -- fastapi | FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests. It's a ReDoS (Regular expression Denial of Service); it only applies to those reading form data, using `python-multipart`. This vulnerability has been patched in version 0.109.1. | 2024-02-05 | 7.5 | CVE-2024-24762 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
tp-link -- er7206_firmware | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | 2024-02-06 | 7.2 | CVE-2023-36498 talos-cna@cisco.com |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-42664 talos-cna@cisco.com |
tp-link -- er7206_firmware | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-43482 talos-cna@cisco.com |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-46683 talos-cna@cisco.com |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47167 talos-cna@cisco.com |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47209 talos-cna@cisco.com |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47617 talos-cna@cisco.com |
tp-link -- er7206_firmware | A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47618 talos-cna@cisco.com |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 2024-02-02 | 9.8 | CVE-2024-22901 cve@mitre.org cve@mitre.org cve@mitre.org |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 2024-02-02 | 9.8 | CVE-2024-22902 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | 2024-02-02 | 8.8 | CVE-2024-22899 cve@mitre.org cve@mitre.org cve@mitre.org |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | 2024-02-02 | 8.8 | CVE-2024-22900 cve@mitre.org cve@mitre.org cve@mitre.org |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | 2024-02-02 | 8.8 | CVE-2024-22903 cve@mitre.org cve@mitre.org cve@mitre.org |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | 2024-02-06 | 7.8 | CVE-2024-22237 security@vmware.com |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | 2024-02-06 | 7.8 | CVE-2024-22239 security@vmware.com |
vyper -- vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass. Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such a way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all of these scenarios are highly unlikely. Most likely behavior is a revert on the bounds check. | 2024-02-07 | 9.8 | CVE-2024-24563 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
westermo -- lynx | The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. | 2024-02-06 | 8 | CVE-2023-38579 ics-cert@hq.dhs.gov |
westermo -- lynx | A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | 2024-02-06 | 8 | CVE-2023-45735 ics-cert@hq.dhs.gov |
wixtoolset -- issues | WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4. | 2024-02-07 | 8.2 | CVE-2024-24810 security-advisories@github.com |
wordpress -- wordpress | The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorization and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file from being accessed on Web servers such as Apache. | 2024-02-05 | 9.8 | CVE-2021-4436 contact@wpscan.com |
wordpress -- wordpress | The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-02-05 | 9.8 | CVE-2023-6933 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | 2024-02-05 | 9.8 | CVE-2023-6989 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default, this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors. | 2024-02-05 | 9.1 | CVE-2024-0221 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional SQL into the already existing query when an administrator triggers a personal data export. | 2024-02-02 | 9.8 | CVE-2024-0685 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Cryptocurrency Widgets - Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-05 | 9.8 | CVE-2024-0709 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-08 | 9.8 | CVE-2024-1207 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. | 2024-02-05 | 8.8 | CVE-2023-6700 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. | 2024-02-05 | 8.8 | CVE-2023-6846 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code. | 2024-02-05 | 8.8 | CVE-2023-6996 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | 2024-02-05 | 8.2 | CVE-2024-0324 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-10 | 8.8 | CVE-2024-0594 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access. | 2024-02-05 | 8.1 | CVE-2024-0761 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Instant Images - One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. | 2024-02-05 | 8.8 | CVE-2024-0869 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23. | 2024-02-05 | 8.2 | CVE-2024-1072 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-07 | 8.8 | CVE-2024-1118 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-02-05 | 7.2 | CVE-2023-6635 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-02-05 | 7.2 | CVE-2023-6925 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 7.1 | CVE-2024-0428 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | 2024-02-09 | 7.5 | CVE-2024-0842 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-02-02 | 7.2 | CVE-2024-0844 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticated attackers to access protected content. | 2024-02-03 | 7.5 | CVE-2024-0909 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2. | 2024-02-08 | 7.1 | CVE-2024-24881 audit@patchstack.com |
xiandafu -- beetl | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | 2024-02-02 | 9.8 | CVE-2024-22533 cve@mitre.org |
xorg -- xorg-server | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | 2024-02-09 | 7.8 | CVE-2024-0229 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list | 2024-02-06 | 9.8 | CVE-2024-24013 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list | 2024-02-08 | 9.8 | CVE-2024-24014 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /sys/user/exit | 2024-02-06 | 9.8 | CVE-2024-24015 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list | 2024-02-08 | 9.8 | CVE-2024-24017 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list | 2024-02-08 | 9.8 | CVE-2024-24018 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list | 2024-02-07 | 9.8 | CVE-2024-24019 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list. | 2024-02-08 | 9.8 | CVE-2024-24021 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list. | 2024-02-08 | 9.8 | CVE-2024-24023 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24024 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in a specially crafted filename parameter to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24025 cve@mitre.org cve@mitre.org |
xxyopen -- novel-plus | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in a specially crafted filename parameter to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24026 cve@mitre.org cve@mitre.org |
yannick_lefebvre -- link_library | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13. | 2024-02-08 | 7.1 | CVE-2024-24879 audit@patchstack.com |
yarn -- yarn | An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways. | 2024-02-04 | 7.7 | CVE-2021-4435 patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org |
zohocorp -- manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | 2024-02-02 | 9.8 | CVE-2023-48792 cve@mitre.org cve@mitre.org |
zohocorp -- manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 2024-02-02 | 9.8 | CVE-2023-48793 cve@mitre.org cve@mitre.org |
zohocorp -- manageengine_adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | 2024-02-02 | 8.8 | CVE-2024-0253 0fc0942c-577d-436f-ae8e-945763c79b02 |
zohocorp -- manageengine_adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | 2024-02-02 | 8.8 | CVE-2024-0269 0fc0942c-577d-436f-ae8e-945763c79b02 |
zopefoundation -- products_sqlalchemyda | SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem. | 2024-02-07 | 9.8 | CVE-2024-24811 security-advisories@github.com security-advisories@github.com |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1panel-dev -- 1panel | 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. | 2024-02-05 | 6.5 | CVE-2024-24768 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
acowebs -- product_labels_for_woocommerce_(sale_badges) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS. This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3. | 2024-02-08 | 5.9 | CVE-2024-24886 audit@patchstack.com |
allegro_ai -- clearml | Allegro AI's open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | 2024-02-05 | 6 | CVE-2024-24595 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
ansible -- ansible | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. | 2024-02-06 | 5 | CVE-2024-0690 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
antisamy_project -- antisamy | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later. | 2024-02-02 | 6.1 | CVE-2024-23635 security-advisories@github.com |
apache_software_foundation -- ozone | Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | 2024-02-07 | 5.3 | CVE-2023-39196 security@apache.org security@apache.org |
apollo13themes -- apollo13_framework_extensions | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2. | 2024-02-08 | 6.5 | CVE-2024-24880 audit@patchstack.com |
audrasjb -- gdpr_data_request_form | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6. | 2024-02-08 | 6.5 | CVE-2024-24836 audit@patchstack.com |
axis_communications_ab -- axis_os | Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-02-05 | 6.3 | CVE-2023-5677 product-security@axis.com |
axis_communications_ab -- axis_os | Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-02-05 | 5.4 | CVE-2023-5800 product-security@axis.com |
beijing_baichuo -- smart_s20_management_platform | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 4.7 | CVE-2024-1254 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
beijing_baichuo -- smart_s40_management_platform | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 4.7 | CVE-2024-1253 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
blockmason -- credit-protocol | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-02-04 | 4.3 | CVE-2018-25098 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
blurams -- lumi_security_camera_a31c_firmware | An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attacker to execute arbitrary code. | 2024-02-02 | 6.8 | CVE-2023-51820 cve@mitre.org cve@mitre.org |
br-automation -- automation_runtime | A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user's browser session. | 2024-02-05 | 6.1 | CVE-2023-6028 cybersecurity@ch.abb.com |
ckeditor -- ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts. | 2024-02-07 | 6.1 | CVE-2024-24815 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ckeditor -- ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts. | 2024-02-07 | 6.1 | CVE-2024-24816 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
clicktotweet.com -- click_to_tweet | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-02-10 | 6.5 | CVE-2024-23514 audit@patchstack.com |
codeastro -- employee_task_management_system | A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. | 2024-02-03 | 5.4 | CVE-2024-1199 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codeastro -- restaurant_pos_system | A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011. | 2024-02-07 | 6.3 | CVE-2024-1268 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
creative_themes -- blocksy | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19. | 2024-02-08 | 6.5 | CVE-2024-24871 audit@patchstack.com |
cryptlib -- cryptlib | A security vulnerability has been identified in the cryptlib cryptographic library. When cryptlib is compiled with support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it is vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using the server's certificate. | 2024-02-05 | 5.9 | CVE-2024-0202 patrick@puiterwijk.org |
cups_easy -- cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-02-02 | 6.1 | CVE-2024-23895 cve-coordination@incibe.es |
dan_dulaney -- dan's_embedder_for_google_calendar | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS. This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2. | 2024-02-05 | 6.5 | CVE-2023-51504 audit@patchstack.com |
dell -- appsync | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | 2024-02-08 | 6.2 | CVE-2024-22464 security_alert@emc.com |
dell -- cpg_bios | Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | 2024-02-06 | 6.7 | CVE-2023-28063 security_alert@emc.com |
dell -- dell_bsafe_ssl-j | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 2024-02-10 | 4.4 | CVE-2023-28077 security_alert@emc.com |
dell -- dell_command_monitor | Dell Command \| Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | 2024-02-06 | 4.7 | CVE-2023-28049 security_alert@emc.com |
dell -- dell_display_manager | Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on a Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | 2024-02-06 | 6.6 | CVE-2023-32474 security_alert@emc.com |
dell -- dell_encryption | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | 2024-02-06 | 6.7 | CVE-2023-32479 security_alert@emc.com |
dell -- dup_framework | DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service. | 2024-02-06 | 6.3 | CVE-2023-32454 security_alert@emc.com |
dev.dans-art -- add_customer_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS. This issue affects Add Customer for WooCommerce: from n/a through 1.7. | 2024-02-05 | 4.8 | CVE-2024-24841 audit@patchstack.com |
elastic -- apm_server | An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. | 2024-02-07 | 5.7 | CVE-2024-23448 bressers@elastic.co bressers@elastic.co |
elastic -- elastic_network_drive_connector | An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user. | 2024-02-07 | 5.3 | CVE-2024-23447 bressers@elastic.co bressers@elastic.co |
elastic -- kibana | An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index. | 2024-02-07 | 6.5 | CVE-2024-23446 bressers@elastic.co bressers@elastic.co |
emerson -- rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 2024-02-09 | 6.9 | CVE-2023-43609 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
emerson -- rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 2024-02-09 | 6.9 | CVE-2023-49716 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
enalean -- tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition. | 2024-02-06 | 5.3 | CVE-2024-23344 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 4.3 | CVE-2024-23323 security-advisories@github.com security-advisories@github.com |
fivestarplugins -- five_star_restaurant_menu | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS. This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5. | 2024-02-05 | 5.4 | CVE-2024-24838 audit@patchstack.com |
forum_one -- wp-cfm | Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8. | 2024-02-07 | 5.4 | CVE-2024-24706 audit@patchstack.com audit@patchstack.com |
frappe -- frappe | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available. | 2024-02-07 | 5.4 | CVE-2024-24812 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
galleon -- eap_eap-xp_servers | An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. | 2024-02-06 | 6.8 | CVE-2023-4503 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
getsentry -- sentry | Sentry is an error tracking and performance monitoring platform. Sentry's integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 4.3 | CVE-2024-24829 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches. | 2024-02-08 | 6.5 | CVE-2023-6564 cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file. | 2024-02-07 | 6.5 | CVE-2023-6736 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. | 2024-02-07 | 6.7 | CVE-2023-6840 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay` | 2024-02-07 | 6.5 | CVE-2024-1066 cve@gitlab.com |
globalscape -- cuteftp | A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1190 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gnu -- coreutils | A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. | 2024-02-06 | 5.5 | CVE-2024-0684 patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org |
google -- android | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. | 2024-02-05 | 6.7 | CVE-2024-20001 security@mediatek.com |
google -- android | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | 2024-02-05 | 6.7 | CVE-2024-20002 security@mediatek.com |
google -- android | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560. | 2024-02-05 | 6.7 | CVE-2024-20010 security@mediatek.com |
google -- android | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | 2024-02-05 | 6.7 | CVE-2024-20012 security@mediatek.com |
google -- android | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | 2024-02-05 | 6.7 | CVE-2024-20013 security@mediatek.com |
google -- android | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07835901; Issue ID: ALPS07835901. | 2024-02-05 | 4.4 | CVE-2024-20016 security@mediatek.com |
graylog -- graylog | Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limit the attack vector. Unpatched, this vulnerability exists but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable. | 2024-02-07 | 5.7 | CVE-2024-24823 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
hcl -- bigfix | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to exploit an application parameter during execution of the Save Report. | 2024-02-03 | 6.5 | CVE-2023-37528 psirt@hcl.com |
hcl -- devops_deploy | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | 2024-02-03 | 6.2 | CVE-2024-23550 psirt@hcl.com |
hcl_software -- hcl_sametime | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | 2024-02-09 | 5.9 | CVE-2023-50349 psirt@hcl.com |
hcl_software -- hcl_sametime | Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | 2024-02-10 | 4 | CVE-2023-45696 psirt@hcl.com |
hcl_software -- hcl_sametime | Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | 2024-02-10 | 4.8 | CVE-2023-45698 psirt@hcl.com |
hcltech -- bigfix_platform | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | 2024-02-02 | 6.1 | CVE-2023-37527 psirt@hcl.com |
hcltech -- bigfix_platform | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | 2024-02-02 | 5.4 | CVE-2024-23553 psirt@hcl.com |
hid_global -- hid_iclass_se_reader_configuration_cards | Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. | 2024-02-07 | 5.3 | CVE-2024-23806 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
hid_global -- iclass_se_cp1000_encoder | Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | 2024-02-06 | 5.9 | CVE-2024-22388 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
howard_ehrenberg -- custom_post_carousels_with_owl | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. | 2024-02-10 | 6.5 | CVE-2023-51493 audit@patchstack.com |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | 2024-02-02 | 5.4 | CVE-2022-40744 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- business_automation_workflow | IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. | 2024-02-04 | 5.4 | CVE-2023-50947 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
ibm -- engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | 2024-02-09 | 6.3 | CVE-2023-45187 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | 2024-02-09 | 5.1 | CVE-2023-45190 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. | 2024-02-09 | 5.1 | CVE-2024-22318 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
ibm -- integration_bus_for_z/os | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | 2024-02-09 | 6.5 | CVE-2024-22332 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | 2024-02-02 | 6.1 | CVE-2023-50933 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. | 2024-02-02 | 6.5 | CVE-2023-50935 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. | 2024-02-02 | 5.3 | CVE-2023-50327 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | 2024-02-02 | 5.3 | CVE-2023-50328 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. | 2024-02-02 | 5.3 | CVE-2023-50934 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131. | 2024-02-02 | 5.4 | CVE-2023-50941 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | 2024-02-02 | 5.9 | CVE-2023-50962 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. | 2024-02-02 | 4.3 | CVE-2023-50938 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695. | 2024-02-06 | 5.3 | CVE-2023-46183 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_access_manager_container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | 2024-02-07 | 5.5 | CVE-2023-31002 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. | 2024-02-03 | 5.5 | CVE-2023-32329 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- semeru_runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | 2024-02-10 | 5.9 | CVE-2024-22361 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | 2024-02-02 | 6.5 | CVE-2023-38019 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | 2024-02-02 | 4.3 | CVE-2023-38020 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | 2024-02-09 | 6.5 | CVE-2023-32341 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | 2024-02-09 | 4.3 | CVE-2023-42016 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_ceph | IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | 2024-02-02 | 6.5 | CVE-2023-46159 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_defender-resiliency_service | IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | 2024-02-10 | 4.4 | CVE-2024-22312 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | 2024-02-10 | 6.2 | CVE-2024-22313 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_virtualize | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. | 2024-02-07 | 5.9 | CVE-2023-47700 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. | 2024-02-02 | 6.1 | CVE-2023-47144 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. | 2024-02-06 | 6.2 | CVE-2024-22331 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | 2024-02-04 | 5.3 | CVE-2023-33851 psirt@us.ibm.com psirt@us.ibm.com |
icinga -- icingaweb2-module-incubator | icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-24819 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
if_so_plugin -- if-so_dynamic_content_personalization | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. | 2024-02-10 | 6.5 | CVE-2023-51492 audit@patchstack.com |
indent -- indent_2.2.13 | A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. | 2024-02-06 | 5.5 | CVE-2024-0911 patrick@puiterwijk.org patrick@puiterwijk.org |
itop -- vpn | A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1195 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | 2024-02-06 | 5.3 | CVE-2024-24941 cve@jetbrains.com |
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | 2024-02-06 | 4.3 | CVE-2024-24940 cve@jetbrains.com |
jetbrains -- rider | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | 2024-02-06 | 5.3 | CVE-2024-24939 cve@jetbrains.com |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed | 2024-02-06 | 5.3 | CVE-2024-24936 cve@jetbrains.com |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible | 2024-02-06 | 5.4 | CVE-2024-24937 cve@jetbrains.com |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | 2024-02-06 | 5.3 | CVE-2024-24938 cve@jetbrains.com |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | 2024-02-06 | 5.3 | CVE-2024-24942 cve@jetbrains.com |
jetbrains -- toolbox | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image | 2024-02-06 | 5.5 | CVE-2024-24943 cve@jetbrains.com |
jgadbois -- calculatorpro_calculators | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS. This issue affects CalculatorPro Calculators: from n/a through 1.1.7. | 2024-02-05 | 6.1 | CVE-2024-24847 audit@patchstack.com |
jspxcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability. | 2024-02-03 | 5.3 | CVE-2024-1200 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
juanpao -- jpshop | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1259 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
juanpao -- jpshop | A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. | 2024-02-06 | 6.3 | CVE-2024-1260 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
juanpao -- jpshop | A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. | 2024-02-06 | 6.3 | CVE-2024-1261 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
juanpao -- jpshop | A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1262 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
juanpao -- jpshop | A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1263 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
juanpao -- jpshop | A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003. | 2024-02-07 | 6.3 | CVE-2024-1264 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
leanote -- leanote | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | 2024-02-07 | 5.5 | CVE-2024-0849 help@fluidattacks.com help@fluidattacks.com |
leap13 -- premium_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16. | 2024-02-10 | 6.5 | CVE-2024-24831 audit@patchstack.com |
libexpat_project -- libexpat | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 2024-02-04 | 5.5 | CVE-2023-52426 cve@mitre.org cve@mitre.org cve@mitre.org |
liferay -- portal/dxp | The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images. | 2024-02-07 | 6.5 | CVE-2024-25143 security@liferay.com |
liferay -- portal/dxp | Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | 2024-02-08 | 5.4 | CVE-2023-47798 security@liferay.com |
liferay -- portal/dxp | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used. | 2024-02-08 | 5.3 | CVE-2024-25146 security@liferay.com |
liferay -- portal/dxp | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | 2024-02-08 | 5.4 | CVE-2024-25148 security@liferay.com |
liferay -- portal/dxp | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame. | 2024-02-08 | 4.1 | CVE-2024-25144 security@liferay.com |
linecorp -- central_dogma | Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | 2024-02-02 | 6.1 | CVE-2024-1143 dl_cve@linecorp.com |
linksys -- wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-09 | 4.3 | CVE-2024-1404 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linksys -- wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1405 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linksys -- wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1406 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linux -- kernel | A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. | 2024-02-04 | 6.5 | CVE-2023-6240 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6356 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6535 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6536 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | 2024-02-05 | 6.8 | CVE-2024-24857 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's media/xc4000 device driver in the xc4000_get_frequency() function. This can result in a return value overflow issue, possibly leading to malfunction or denial of service. | 2024-02-05 | 6.3 | CVE-2024-24861 security@openanolis.org |
linux -- kernel | A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. | 2024-02-08 | 5.1 | CVE-2024-1312 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A race condition was found in the Linux kernel's net/bluetooth in the {conn,adv}_{min,max}_interval_set() function. This can result in an l2cap connection or broadcast abnormality issue, possibly leading to denial of service. | 2024-02-05 | 5.3 | CVE-2024-24858 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-22386 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-23196 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-24855 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading to denial of service. | 2024-02-05 | 4.8 | CVE-2024-24859 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.6 | CVE-2024-24860 security@openanolis.org |
linux -- kernel | A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-24864 security@openanolis.org |
lê_văn_toản -- woocommerce_vietnam_checkout | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS. This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7. | 2024-02-08 | 5.9 | CVE-2024-24885 audit@patchstack.com |
m2crypto -- m2crypto | A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | 2024-02-05 | 5.9 | CVE-2023-50781 secalert@redhat.com secalert@redhat.com |
mark_kinchin -- beds24_online_booking | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23. | 2024-02-10 | 5.9 | CVE-2024-24717 audit@patchstack.com |
mattermost -- mattermost | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. | 2024-02-09 | 4.3 | CVE-2024-1402 responsibledisclosure@mattermost.com |
michael_dempfle -- advanced_iframe | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10. | 2024-02-05 | 6.5 | CVE-2024-24870 audit@patchstack.com |
micronaut-projects -- micronaut-core | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | 2024-02-09 | 5.1 | CVE-2024-23639 security-advisories@github.com security-advisories@github.com |
mightythemes -- mighty_addons | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS. This issue affects Mighty Addons for Elementor: from n/a through 1.9.3. | 2024-02-05 | 6.1 | CVE-2024-24846 audit@patchstack.com |
miraheze -- managewiki | ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability. | 2024-02-09 | 6.5 | CVE-2024-25109 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
miraheze -- wikidiscover | WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability. | 2024-02-08 | 4.9 | CVE-2024-25107 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
mjssoftware -- sign_ups | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups - Beautiful volunteer sign ups and management made easy allows Stored XSS. This issue affects PT Sign Ups - Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4. | 2024-02-05 | 6.1 | CVE-2024-24848 audit@patchstack.com |
mozilla -- firefox | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. | 2024-02-05 | 6.1 | CVE-2024-0953 security@mozilla.org |
mpedraza2020 -- intranet_del_monterroso | A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability. | 2024-02-04 | 5.5 | CVE-2019-25159 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
mrcms -- mrcms | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. | 2024-02-02 | 5.4 | CVE-2024-24160 cve@mitre.org |
munsoft -- easy_archive_recovery | A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1186 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
munsoft -- easy_outlook_express_recovery | A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1187 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nagios -- nagios_xi | A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | 2024-02-02 | 5.4 | CVE-2023-51072 cve@mitre.org |
nationalkeep -- cybermath | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 6.1 | CVE-2023-6673 iletisim@usom.gov.tr |
nationalkeep -- cybermath | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 5.4 | CVE-2023-6672 iletisim@usom.gov.tr |
navicat -- navicat | A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Connection Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1193 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netapp -- storagegrid_(formerly_storagegrid_webscale) | StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | 2024-02-05 | 6.5 | CVE-2023-27318 security-alert@netapp.com |
noahkagan -- scroll_triggered_box | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3. | 2024-02-05 | 5.4 | CVE-2024-24865 audit@patchstack.com |
nonebot -- nonebot2 | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. | 2024-02-09 | 5.7 | CVE-2024-21624 security-advisories@github.com security-advisories@github.com |
nsasoft -- network_bandwidth_monitor | A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1185 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nsasoft -- network_sleuth | A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1184 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
openbi -- openbi | A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. | 2024-02-03 | 6.3 | CVE-2024-1198 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a DoS through improper input. | 2024-02-02 | 6.2 | CVE-2024-21863 scy@openharmony.io |
openharmony -- openharmony | OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. | 2024-02-02 | 5.5 | CVE-2023-43756 scy@openharmony.io |
openharmony -- openharmony | OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. | 2024-02-02 | 5.5 | CVE-2023-49118 scy@openharmony.io |
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a DoS through improper input. | 2024-02-02 | 5.5 | CVE-2024-0285 scy@openharmony.io |
phpems -- phpems | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. | 2024-02-09 | 6.3 | CVE-2024-1353 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pimcore -- admin_ui_classic_bundle | Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. | 2024-02-07 | 6.5 | CVE-2024-24822 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
plotly -- dash | Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. | 2024-02-02 | 5.4 | CVE-2024-21485 report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
pyload -- pyload | pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | 2024-02-06 | 4.7 | CVE-2024-24808 security-advisories@github.com security-advisories@github.com |
python -- cryptography | A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | 2024-02-05 | 5.9 | CVE-2023-50782 secalert@redhat.com secalert@redhat.com |
qnap -- photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | 2024-02-02 | 5.4 | CVE-2023-47561 security@qnapsecurity.com.tw |
qnap -- qts | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later | 2024-02-02 | 6.5 | CVE-2023-32967 security@qnapsecurity.com.tw |
qnap -- qts | An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later | 2024-02-02 | 6.7 | CVE-2023-50359 security@qnapsecurity.com.tw |
qnap -- qts | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-41274 security@qnapsecurity.com.tw |
qnap -- qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-45026 security@qnapsecurity.com.tw |
qnap -- qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-45027 security@qnapsecurity.com.tw |
qnap -- qts | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-45028 security@qnapsecurity.com.tw |
qualcomm -- aqt1000_firmware | Transient DOS in Audio when invoking callback function of ASM driver. | 2024-02-06 | 5.5 | CVE-2023-33064 product-security@qualcomm.com |
qualcomm -- ar8035_firmware | Transient DOS in Core when DDR memory check is called while DDR is not initialized. | 2024-02-06 | 5.5 | CVE-2023-33060 product-security@qualcomm.com |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | 2024-02-02 | 6.5 | CVE-2024-22096 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | 2024-02-02 | 5.4 | CVE-2024-21794 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | 2024-02-02 | 5.3 | CVE-2024-21866 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | 2024-02-02 | 5.5 | CVE-2024-21869 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rdkcentral -- rdk-b | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. | 2024-02-05 | 6.7 | CVE-2024-20006 security@mediatek.com |
realmag777 -- active_products_tables_for_woocommerce_professional_products_tables_for_woocommerce_store | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. | 2024-02-10 | 6.5 | CVE-2023-51480 audit@patchstack.com |
realmag777 -- bear_bulk_editor_and_products_manager_professional_for_woocommerce_by_pluginus.net | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4. | 2024-02-08 | 5.9 | CVE-2024-24834 audit@patchstack.com |
remyandrade -- testimonial_page_manager | A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. | 2024-02-02 | 6.1 | CVE-2024-1196 cna@vuldb.com cna@vuldb.com |
rizonesoft -- notepad3 | A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1188 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20822 mobile.security@samsung.com |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20823 mobile.security@samsung.com |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20824 mobile.security@samsung.com |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20825 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20817 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20818 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20819 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. | 2024-02-06 | 5.1 | CVE-2024-20811 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows an attacker to access unauthorized information. | 2024-02-06 | 4 | CVE-2024-20814 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows an attacker to cause an out-of-bounds read. | 2024-02-06 | 4.4 | CVE-2024-20820 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using a physical keyboard on the lockscreen. | 2024-02-06 | 4.6 | CVE-2024-20827 mobile.security@samsung.com |
samsung_mobile -- uphelper | Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20826 mobile.security@samsung.com |
sepidz -- sepidzdigitalmenu | A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 5.3 | CVE-2024-1255 cna@vuldb.com cna@vuldb.com |
snow_software -- snow_inventory_agent | Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version 7.0. | 2024-02-08 | 6 | CVE-2023-7169 security@snowsoftware.com |
solar-log -- 2000_pm\+_firmware | A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. | 2024-02-02 | 5.4 | CVE-2023-46344 cve@mitre.org cve@mitre.org |
spring_security -- spring_security | The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of "CWE-732: Incorrect Permission Assignment for Critical Resource" and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. | 2024-02-05 | 4.1 | CVE-2023-34042 security@vmware.com |
stimulsoft -- dashboards | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | 2024-02-05 | 5.4 | CVE-2024-24397 cve@mitre.org cve@mitre.org cve@mitre.org |
suite_crm -- suite_crm | Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | 2024-02-07 | 5 | CVE-2023-6388 help@fluidattacks.com help@fluidattacks.com |
tenable -- nessus | A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. | 2024-02-07 | 6.5 | CVE-2024-0971 vulnreport@tenable.com |
tenable -- nessus | A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. | 2024-02-07 | 4.8 | CVE-2024-0955 vulnreport@tenable.com |
thorsten -- phpmyfaq | phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5. | 2024-02-05 | 6.5 | CVE-2024-22208 security-advisories@github.com security-advisories@github.com |
thorsten -- phpmyfaq | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | 2024-02-05 | 6.5 | CVE-2024-24574 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
thorsten -- phpmyfaq | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, but an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5. | 2024-02-05 | 5.7 | CVE-2024-22202 security-advisories@github.com security-advisories@github.com |
tongda -- oa_2017 | A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 5.5 | CVE-2024-1251 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tongda -- oa_2017 | A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991. | 2024-02-06 | 5.5 | CVE-2024-1252 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
ujcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996. | 2024-02-06 | 6.1 | CVE-2024-1257 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
ujcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995. | 2024-02-06 | 4.3 | CVE-2024-1256 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
vercel -- pkg | pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*`, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory; they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. | 2024-02-09 | 6.6 | CVE-2024-24828 security-advisories@github.com security-advisories@github.com |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | 2024-02-06 | 4.8 | CVE-2024-22238 security@vmware.com |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | 2024-02-06 | 4.9 | CVE-2024-22240 security@vmware.com |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account. | 2024-02-06 | 4.8 | CVE-2024-22241 security@vmware.com |
websoudan -- mw_wp_form | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6. | 2024-02-10 | 6.5 | CVE-2024-24804 audit@patchstack.com |
westermo -- lynx | A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 2024-02-06 | 6.6 | CVE-2023-45213 ics-cert@hq.dhs.gov |
westermo -- lynx | An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | 2024-02-06 | 5.4 | CVE-2023-40143 ics-cert@hq.dhs.gov |
westermo -- lynx | An attacker with access to the network where the affected devices are located could take malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | 2024-02-06 | 5.7 | CVE-2023-40544 ics-cert@hq.dhs.gov |
westermo -- lynx | An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | 2024-02-06 | 5.4 | CVE-2023-42765 ics-cert@hq.dhs.gov |
westermo -- lynx | An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | 2024-02-06 | 5.4 | CVE-2023-45222 ics-cert@hq.dhs.gov |
westermo -- lynx | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | 2024-02-06 | 5.4 | CVE-2023-45227 ics-cert@hq.dhs.gov |
western_digital -- my_cloud_os_5 | Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. | 2024-02-05 | 5.5 | CVE-2023-22817 psirt@wdc.com |
western_digital -- my_cloud_os_5 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161. | 2024-02-05 | 4.9 | CVE-2023-22819 psirt@wdc.com |
wolfssl -- wolfssl | The wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: `--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"`. The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed. | 2024-02-09 | 5.9 | CVE-2023-6935 facts@wolfssl.com facts@wolfssl.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy - The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy - The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. | 2024-02-10 | 6.5 | CVE-2023-51404 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 3.2.2. | 2024-02-10 | 6.5 | CVE-2023-51415 audit@patchstack.com |
wordpress -- wordpress | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-08 | 6.4 | CVE-2023-5665 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Meta Box - WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2023-6526 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2023-6982 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The 10Web AI Assistant - AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. | 2024-02-05 | 6.5 | CVE-2023-6985 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6. | 2024-02-05 | 6.4 | CVE-2023-7029 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0254 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-07 | 6.4 | CVE-2024-0256 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0448 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0508 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'request' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-02-05 | 6.1 | CVE-2024-0509 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.5 | CVE-2024-0586 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Formidable Forms - Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 6.1 | CVE-2024-0660 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-02-05 | 6.6 | CVE-2024-0668 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.5 | CVE-2024-0678 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-02-05 | 6.6 | CVE-2024-0699 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0834 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0954 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0961 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The All-In-One Security (AIOS) - Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-02-07 | 6.1 | CVE-2024-1037 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-1046 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1. | 2024-02-10 | 6.5 | CVE-2024-23516 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin - Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin - Online Booking for WordPress: from n/a through 3.5.10. | 2024-02-10 | 6.5 | CVE-2024-23517 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | 2024-02-10 | 6.5 | CVE-2024-24712 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings - Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings - Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. | 2024-02-10 | 6.5 | CVE-2024-24713 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel - WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel - WordPress Owl Carousel Slider: from n/a through 1.4.0. | 2024-02-10 | 6.5 | CVE-2024-24801 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion - Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion - Companion plugin for WPoperation Themes: from n/a through 1.1.9. | 2024-02-10 | 6.5 | CVE-2024-24803 audit@patchstack.com |
wordpress -- wordpress | The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. | 2024-02-05 | 5.3 | CVE-2023-6557 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6701 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6807 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6808 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6884 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array. | 2024-02-05 | 5.3 | CVE-2023-6963 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Author Box, Guest Author and Co-Authors for Your Posts - Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable. | 2024-02-05 | 5.3 | CVE-2023-7014 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0255 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0382 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0384 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0585 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. | 2024-02-10 | 5.3 | CVE-2024-0596 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Easy Digital Downloads - Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.5 | CVE-2024-0659 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import. | 2024-02-05 | 5.5 | CVE-2024-0691 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator. | 2024-02-05 | 5.3 | CVE-2024-0701 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request. | 2024-02-05 | 5.4 | CVE-2024-0790 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0823 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The PDF Flipbook, 3D Flipbook - DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-03 | 5.4 | CVE-2024-0895 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 5.4 | CVE-2024-0963 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content. | 2024-02-08 | 5.3 | CVE-2024-0965 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content. | 2024-02-05 | 5.3 | CVE-2024-0969 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | 2024-02-02 | 5.3 | CVE-2024-1047 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-07 | 5.4 | CVE-2024-1055 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 5.4 | CVE-2024-1073 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | 2024-02-07 | 5.3 | CVE-2024-1079 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | 2024-02-07 | 5.3 | CVE-2024-1109 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | 2024-02-07 | 5.3 | CVE-2024-1110 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | 2024-02-05 | 5.3 | CVE-2024-1121 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | 2024-02-09 | 5.3 | CVE-2024-1122 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP Club Manager - WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs. | 2024-02-05 | 5.3 | CVE-2024-1177 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. | 2024-02-05 | 5.3 | CVE-2024-1208 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. | 2024-02-05 | 5.3 | CVE-2024-1209 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. | 2024-02-05 | 5.3 | CVE-2024-1210 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. | 2024-02-05 | 4.3 | CVE-2023-4637 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The PDF Generator For Fluent Forms - The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin. | 2024-02-05 | 4.9 | CVE-2023-6953 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings. | 2024-02-05 | 4.3 | CVE-2023-6959 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta. | 2024-02-05 | 4.3 | CVE-2023-6983 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Starbox - the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings. | 2024-02-05 | 4.3 | CVE-2024-0366 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. | 2024-02-05 | 4.3 | CVE-2024-0370 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | 2024-02-05 | 4.3 | CVE-2024-0371 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | 2024-02-05 | 4.3 | CVE-2024-0372 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0373 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0374 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. | 2024-02-05 | 4.3 | CVE-2024-0380 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-08 | 4.3 | CVE-2024-0511 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | 2024-02-10 | 4.3 | CVE-2024-0595 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0597 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Content Views - Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0612 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0630 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-09 | 4.4 | CVE-2024-0657 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. | 2024-02-05 | 4.3 | CVE-2024-0791 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0796 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. | 2024-02-05 | 4.3 | CVE-2024-0797 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values. | 2024-02-05 | 4.3 | CVE-2024-0835 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0859 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image. | 2024-02-07 | 4.4 | CVE-2024-0977 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | 2024-02-07 | 4.3 | CVE-2024-1078 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | 2024-02-05 | 4.3 | CVE-2024-1092 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-02 | 4.3 | CVE-2024-1162 security@wordfence.com security@wordfence.com |
wp_hosting -- pay_with_vipps_and_mobilepay_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. | 2024-02-10 | 6.5 | CVE-2023-51485 audit@patchstack.com |
wpsc-plugin -- structured_content | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1. | 2024-02-05 | 5.4 | CVE-2024-24839 audit@patchstack.com |
xunruicms -- xunruicms | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | 2024-02-02 | 6.1 | CVE-2024-24388 cve@mitre.org |
zabbix -- zabbix | The cause of vulnerability is improper validation of form input field "Name" on Graph page in Items section. | 2024-02-09 | 5.5 | CVE-2024-22119 security@zabbix.com |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
armcode -- alienip | A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1194 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codeastro -- restaurant_pos_system | A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability. | 2024-02-07 | 3.5 | CVE-2024-1267 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codeastro -- university_management_system | A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008. | 2024-02-07 | 2.4 | CVE-2024-1265 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codeastro -- university_management_system | A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability. | 2024-02-07 | 2.4 | CVE-2024-1266 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
concrete_cms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. | 2024-02-09 | 2.4 | CVE-2024-1245 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concrete_cms -- concrete_cms | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user's browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | 2024-02-09 | 2 | CVE-2024-1246 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concrete_cms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). Concrete versions below 9 do not include group types so they are not affected by this vulnerability. | 2024-02-09 | 2 | CVE-2024-1247 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
grub2 -- grub2 | A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. | 2024-02-06 | 3.3 | CVE-2024-1048 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
hcl_software -- hcl_sametime | Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | 2024-02-09 | 3.9 | CVE-2023-45718 psirt@hcl.com |
juanpao -- jpshop | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability. | 2024-02-06 | 3.1 | CVE-2024-1258 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
mailcow -- mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. | 2024-02-02 | 2.7 | CVE-2024-23824 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
mattermost -- mattermost | Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | 2024-02-09 | 3.5 | CVE-2024-23319 responsibledisclosure@mattermost.com |
mattermost -- mattermost | Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 2024-02-09 | 3.4 | CVE-2024-24774 responsibledisclosure@mattermost.com |
mattermost -- mattermost | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. | 2024-02-09 | 3.1 | CVE-2024-24776 responsibledisclosure@mattermost.com |
planet-freo -- planet-freo | A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716. | 2024-02-04 | 3.7 | CVE-2015-10129 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sametime -- sametime | Sametime is impacted by sensitive information passed in URL. | 2024-02-09 | 1.7 | CVE-2023-45716 psirt@hcl.com |
samsung_mobile -- samsung_internet | Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | 2024-02-06 | 2.4 | CVE-2024-20828 mobile.security@samsung.com |
samsung_mobile -- samsung_mobile_devices | Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information. | 2024-02-06 | 3.3 | CVE-2024-20810 mobile.security@samsung.com |
sourcecodester -- crud | A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability. | 2024-02-03 | 3.5 | CVE-2024-1215 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- product_management_system | A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012. | 2024-02-07 | 2.4 | CVE-2024-1269 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sulu -- sulu | Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12. | 2024-02-05 | 2.7 | CVE-2024-24807 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available. | 2024-02-05 | 3.7 | CVE-2024-24559 security-advisories@github.com security-advisories@github.com |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned. | 2024-02-02 | 3.7 | CVE-2024-24560 security-advisories@github.com |
wordpress -- wordpress | The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-02-07 | 3.8 | CVE-2024-0628 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Minimal Coming Soon - Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden. | 2024-02-05 | 3.7 | CVE-2024-1075 security@wordfence.com security@wordfence.com security@wordfence.com |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
akaunting -- akaunting | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | 2024-02-08 | not yet calculated | CVE-2024-22836 cve@mitre.org cve@mitre.org cve@mitre.org |
android -- binhdrm26_super_reboot | The Android application BINHDRM26 com.bdrm.superreboot 1.0.3 exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | 2024-02-06 | not yet calculated | CVE-2023-47889 cve@mitre.org |
apache_software_foundation -- brpc | Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle a request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is a bRPC-built HTTP server on the backend that receives requests over one persistent connection from a frontend server which uses TE to parse requests, with the logic that 'chunk' is contained in the TE field. In that case, an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518 | 2024-02-08 | not yet calculated | CVE-2024-23452 security@apache.org security@apache.org security@apache.org security@apache.org |
apache_software_foundation -- solr | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' | 2024-02-09 | not yet calculated | CVE-2023-50291 security@apache.org security@apache.org |
apache_software_foundation -- solr | Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | 2024-02-09 | not yet calculated | CVE-2023-50292 security@apache.org security@apache.org |
apache_software_foundation -- solr | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. | 2024-02-09 | not yet calculated | CVE-2023-50298 security@apache.org security@apache.org security@apache.org |
apache_software_foundation -- solr | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | 2024-02-09 | not yet calculated | CVE-2023-50386 security@apache.org security@apache.org |
aprktool -- aprktool | Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | 2024-02-02 | not yet calculated | CVE-2024-24482 cve@mitre.org |
archibus -- app_4.0.3 | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database. | 2024-02-02 | not yet calculated | CVE-2023-48645 cve@mitre.org |
arm_ltd -- bifrost_gpu_kernel_driver | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn could cause a use-after-free. This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0. | 2024-02-05 | not yet calculated | CVE-2023-5249 arm-security@arm.com |
arm_ltd -- bifrost_gpu_kernel_driver | Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system's memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0. | 2024-02-05 | not yet calculated | CVE-2023-5643 arm-security@arm.com |
artifex -- ghostscript | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | 2024-02-04 | not yet calculated | CVE-2020-36773 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
atmail -- atmail | Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. | 2024-02-07 | not yet calculated | CVE-2024-24133 cve@mitre.org |
atos -- unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request. | 2024-02-08 | not yet calculated | CVE-2023-40262 cve@mitre.org |
atos -- unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp. | 2024-02-08 | not yet calculated | CVE-2023-40263 cve@mitre.org |
atos -- unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface. | 2024-02-08 | not yet calculated | CVE-2023-40264 cve@mitre.org |
atos -- unify_openscape_xpressions_webassistant | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | 2024-02-08 | not yet calculated | CVE-2023-40265 cve@mitre.org |
atos -- unify_openscape_xpressions_webassistant | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | 2024-02-08 | not yet calculated | CVE-2023-40266 cve@mitre.org |
axigen -- axigen | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | 2024-02-07 | not yet calculated | CVE-2023-40355 cve@mitre.org |
axigen -- axigen | WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | 2024-02-08 | not yet calculated | CVE-2023-49101 cve@mitre.org |
axigen -- webmail | Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | 2024-02-08 | not yet calculated | CVE-2023-48974 cve@mitre.org cve@mitre.org |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | 2024-02-09 | not yet calculated | CVE-2024-25451 cve@mitre.org |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | 2024-02-09 | not yet calculated | CVE-2024-25452 cve@mitre.org |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | 2024-02-09 | not yet calculated | CVE-2024-25453 cve@mitre.org cve@mitre.org |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | 2024-02-09 | not yet calculated | CVE-2024-25454 cve@mitre.org |
binance -- trust_wallet | The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe and link them to specific wallet addresses in order to steal funds from those wallets. | 2024-02-08 | not yet calculated | CVE-2024-23660 cve@mitre.org cve@mitre.org |
binhdrm26 -- super_reboot | An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent. | 2024-02-06 | not yet calculated | CVE-2023-47354 cve@mitre.org cve@mitre.org |
cellinx -- nvt_web_server | An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | 2024-02-08 | not yet calculated | CVE-2024-24215 cve@mitre.org cve@mitre.org cve@mitre.org |
cotonti -- cotonti_cms | A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2024-02-08 | not yet calculated | CVE-2024-24115 cve@mitre.org |
curl -- curl | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | 2024-02-03 | not yet calculated | CVE-2024-0853 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
cybozu_inc -- cybozu_kunai_for_android | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | 2024-02-06 | not yet calculated | CVE-2024-23304 vultures@jpcert.or.jp vultures@jpcert.or.jp |
d-link -- dir-816A2 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | 2024-02-08 | not yet calculated | CVE-2024-24321 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
d-link -- go-rt-ac750 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload. | 2024-02-06 | not yet calculated | CVE-2024-22852 cve@mitre.org cve@mitre.org |
d-link -- go-rt-ac750 | D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | 2024-02-06 | not yet calculated | CVE-2024-22853 cve@mitre.org cve@mitre.org |
delete-tracker_php -- daily_habit_tracker | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via a crafted GET request. | 2024-02-08 | not yet calculated | CVE-2024-24495 cve@mitre.org |
django -- django | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. | 2024-02-06 | not yet calculated | CVE-2024-24680 cve@mitre.org cve@mitre.org cve@mitre.org |
dronecode -- PX4 | PX4 Autopilot 1.14 and earlier, due to the lack of a synchronization mechanism for loading geofence data, has a Race Condition vulnerability in geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes. | 2024-02-06 | not yet calculated | CVE-2024-24254 cve@mitre.org cve@mitre.org |
dronecode -- PX4 | A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | 2024-02-06 | not yet calculated | CVE-2024-24255 cve@mitre.org |
dronetag -- drone_scanner | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. | 2024-02-06 | not yet calculated | CVE-2024-22520 cve@mitre.org |
easyemail -- easyemail | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. | 2024-02-09 | not yet calculated | CVE-2023-39683 cve@mitre.org cve@mitre.org cve@mitre.org |
easysoft -- zentao | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | 2024-02-08 | not yet calculated | CVE-2024-24202 cve@mitre.org |
easysoft -- zentao | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 2024-02-08 | not yet calculated | CVE-2024-24216 cve@mitre.org cve@mitre.org |
egerie -- risk_manager | An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation. | 2024-02-08 | not yet calculated | CVE-2023-27001 cve@mitre.org |
enlightenment -- imlib2 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25447 cve@mitre.org cve@mitre.org |
enlightenment -- imlib2 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25448 cve@mitre.org cve@mitre.org |
espruino -- espruino | Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | 2024-02-07 | not yet calculated | CVE-2024-25200 cve@mitre.org |
espruino -- espruino | Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. | 2024-02-07 | not yet calculated | CVE-2024-25201 cve@mitre.org |
eypcnnapps -- quickreboot | The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz [ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | 2024-02-05 | not yet calculated | CVE-2023-47355 cve@mitre.org cve@mitre.org |
forescout -- secureconnector | Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | 2024-02-08 | not yet calculated | CVE-2024-22795 cve@mitre.org cve@mitre.org cve@mitre.org |
glitched_polygons -- l8w8jwt | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25190 cve@mitre.org |
google -- android | In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-07 | not yet calculated | CVE-2024-22012 dsap-vuln-management@google.com |
google -- chrome | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | 2024-02-08 | not yet calculated | CVE-2023-47131 cve@mitre.org |
google -- chrome | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-07 | not yet calculated | CVE-2024-1283 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
google -- chrome | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-07 | not yet calculated | CVE-2024-1284 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
gradio-app -- gradio-app_gradio | A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | 2024-02-05 | not yet calculated | CVE-2024-0964 security@huntr.dev security@huntr.dev |
grav_cms -- grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 2024-02-09 | not yet calculated | CVE-2023-31506 cve@mitre.org |
hardy_barth -- cph2_echarge_ladestation | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature. | 2024-02-06 | not yet calculated | CVE-2023-46359 cve@mitre.org cve@mitre.org |
hardy_barth -- cph2_echarge_ladestation | Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | 2024-02-06 | not yet calculated | CVE-2023-46360 cve@mitre.org cve@mitre.org |
hipresta -- hipresta | SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1 allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. | 2024-02-07 | not yet calculated | CVE-2024-24303 cve@mitre.org |
huaxiaerp -- jsherp | jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths. | 2024-02-06 | not yet calculated | CVE-2024-24000 cve@mitre.org cve@mitre.org |
hugin -- hugin | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25442 cve@mitre.org |
hugin -- hugin | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25443 cve@mitre.org |
hugin -- hugin | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 2024-02-09 | not yet calculated | CVE-2024-25445 cve@mitre.org |
hugin -- hugin | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25446 cve@mitre.org |
imlib2 -- imlib2 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | 2024-02-09 | not yet calculated | CVE-2024-25450 cve@mitre.org cve@mitre.org |
imou -- imou_go | An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files. | 2024-02-06 | not yet calculated | CVE-2023-47353 cve@mitre.org cve@mitre.org |
innovadeluxe -- innovadeluxe | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | 2024-02-09 | not yet calculated | CVE-2023-46350 cve@mitre.org |
intelbras -- roteador_action_rf_1200 | Intelbras Roteador ACtion RF 1200 1.2.2 exposes the password in a cookie, resulting in login bypass. | 2024-02-06 | not yet calculated | CVE-2024-22773 cve@mitre.org cve@mitre.org |
ispyconnect.com -- agent_dvr | An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | 2024-02-06 | not yet calculated | CVE-2024-22514 cve@mitre.org |
ispyconnect.com -- agent_dvr | Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | 2024-02-06 | not yet calculated | CVE-2024-22515 cve@mitre.org |
it_edge_soft -- cineam_seat_reservation_system | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1". | 2024-02-09 | not yet calculated | CVE-2024-25307 cve@mitre.org |
it_edge_soft -- hotel_management_system | Code-projects Hotel Management System 1.0 allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | 2024-02-09 | not yet calculated | CVE-2024-25314 cve@mitre.org |
it_edge_soft -- hotel_management_system | Code-projects Hotel Management System 1.0 allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | 2024-02-09 | not yet calculated | CVE-2024-25315 cve@mitre.org |
it_edge_soft -- hotel_management_system | Code-projects Hotel Management System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | 2024-02-09 | not yet calculated | CVE-2024-25316 cve@mitre.org |
it_edge_soft -- hotel_management_system | Code-projects Hotel Management System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | 2024-02-09 | not yet calculated | CVE-2024-25318 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php". | 2024-02-09 | not yet calculated | CVE-2024-25304 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. | 2024-02-09 | not yet calculated | CVE-2024-25305 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". | 2024-02-09 | not yet calculated | CVE-2024-25306 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25308 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25309 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5". | 2024-02-09 | not yet calculated | CVE-2024-25310 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5". | 2024-02-09 | not yet calculated | CVE-2024-25312 cve@mitre.org |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Management System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25313 cve@mitre.org |
kitty -- kitty | KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, which occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-23749 cve@mitre.org cve@mitre.org |
kitty -- kitty | KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-25003 cve@mitre.org cve@mitre.org |
kitty -- kitty | KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-25004 cve@mitre.org cve@mitre.org |
libjwt -- libjwt | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25189 cve@mitre.org |
libxml2 -- libxml2 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | 2024-02-04 | not yet calculated | CVE-2024-25062 cve@mitre.org cve@mitre.org |
linea_grafica -- linea_grafica | Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6 allows a guest to download personal information without restriction. | 2024-02-07 | not yet calculated | CVE-2024-24311 cve@mitre.org |
linux-pam -- linux-pam | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | 2024-02-06 | not yet calculated | CVE-2024-22365 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
litespeed -- litespeed_quick_(lsquic) | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 2024-02-09 | not yet calculated | CVE-2024-25678 cve@mitre.org cve@mitre.org cve@mitre.org |
logpoint -- siem | The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | 2024-02-03 | not yet calculated | CVE-2023-49950 cve@mitre.org cve@mitre.org |
ltos-web-interface -- meinberg_lantime_firmware | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | 2024-02-04 | not yet calculated | CVE-2021-46902 cve@mitre.org |
ltos-web-interface -- meinberg_lantime_firmware | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | 2024-02-04 | not yet calculated | CVE-2021-46903 cve@mitre.org |
magic_software_enterprises -- magic_xpi | The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | 2024-02-06 | not yet calculated | CVE-2023-52239 cve@mitre.org cve@mitre.org |
mail2world -- business_control_center | Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. | 2024-02-07 | not yet calculated | CVE-2024-24130 cve@mitre.org |
malwarebytes_binisoft_windows_firewall_control -- malwarebytes_binisoft_windows_firewall_control | Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | 2024-02-04 | not yet calculated | CVE-2024-25089 cve@mitre.org cve@mitre.org |
min -- min | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | 2024-02-09 | not yet calculated | CVE-2024-25677 cve@mitre.org |
mingsoft -- mcms | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via a crafted POST request to /ms/file/upload.do. | 2024-02-05 | not yet calculated | CVE-2024-22567 cve@mitre.org |
misp -- misp | An issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type. | 2024-02-09 | not yet calculated | CVE-2024-25674 cve@mitre.org cve@mitre.org |
misp -- misp | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | 2024-02-09 | not yet calculated | CVE-2024-25675 cve@mitre.org cve@mitre.org |
n-able -- n-central | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | 2024-02-08 | not yet calculated | CVE-2023-47132 cve@mitre.org |
ncr_atleos -- terminal_handler | Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. | 2024-02-08 | not yet calculated | CVE-2023-47020 cve@mitre.org cve@mitre.org |
ncr_atleos -- terminal_handler | Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | 2024-02-06 | not yet calculated | CVE-2023-47022 cve@mitre.org |
npm -- ip_package | An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. | 2024-02-08 | not yet calculated | CVE-2023-42282 cve@mitre.org |
oaooa -- pichome | File Upload vulnerability in index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via a crafted POST request. | 2024-02-08 | not yet calculated | CVE-2024-24393 cve@mitre.org |
octane877 -- employee_management_system | SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php component. | 2024-02-08 | not yet calculated | CVE-2024-24497 cve@mitre.org |
octane877 -- employee_management_system | Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component. | 2024-02-08 | not yet calculated | CVE-2024-24498 cve@mitre.org |
octane877 -- employee_management_system | SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component. | 2024-02-08 | not yet calculated | CVE-2024-24499 cve@mitre.org |
october -- october_cms | Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows a local attacker to execute arbitrary code via the file type .mp3. | 2024-02-08 | not yet calculated | CVE-2023-25365 cve@mitre.org |
opoendroneid -- opendroneid_osm | An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | 2024-02-06 | not yet calculated | CVE-2024-22519 cve@mitre.org |
p-quic -- pquic | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | 2024-02-09 | not yet calculated | CVE-2024-25679 cve@mitre.org cve@mitre.org cve@mitre.org |
paessler -- prtg_network_monitor | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21182. | 2024-02-08 | not yet calculated | CVE-2023-51630 zdi-disclosures@trendmicro.com |
php-jwt -- php-jwt | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25191 cve@mitre.org |
plone -- plone | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | 2024-02-05 | not yet calculated | CVE-2024-23054 cve@mitre.org cve@mitre.org cve@mitre.org |
plone -- plone | The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. | 2024-02-08 | not yet calculated | CVE-2024-23756 cve@mitre.org |
presta_monster -- hsmultiaccessoriespro | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). | 2024-02-09 | not yet calculated | CVE-2023-50026 cve@mitre.org |
prestashop -- boostmyshop | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | 2024-02-09 | not yet calculated | CVE-2024-24308 cve@mitre.org |
prestashop -- mailjet | In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before version 3.5.1, a guest can download technical information without restriction. | 2024-02-07 | not yet calculated | CVE-2024-24304 cve@mitre.org cve@mitre.org |
prestashop -- op'art_easy_redirect | PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher(). | 2024-02-08 | not yet calculated | CVE-2023-50061 cve@mitre.org cve@mitre.org |
prestashop -- rm_bookingcalendar | SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | 2024-02-07 | not yet calculated | CVE-2023-46914 cve@mitre.org |
purslane_ltd -- rustdesk | A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | 2024-02-06 | not yet calculated | CVE-2024-25140 cve@mitre.org cve@mitre.org cve@mitre.org |
remyandrade -- daily_habit_tracker | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | 2024-02-08 | not yet calculated | CVE-2024-24494 cve@mitre.org |
remyandrade -- daily_habit_tracker | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. | 2024-02-08 | not yet calculated | CVE-2024-24496 cve@mitre.org |
reprise -- license_management_software | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | 2024-02-03 | not yet calculated | CVE-2023-43183 cve@mitre.org cve@mitre.org |
reprise -- license_management_software | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | 2024-02-03 | not yet calculated | CVE-2023-44031 cve@mitre.org cve@mitre.org |
schuhfried -- schuhfried | An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command. | 2024-02-07 | not yet calculated | CVE-2023-38995 cve@mitre.org |
setor_informatica -- s_i_l | Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, which allows remote attackers to execute arbitrary code. | 2024-02-08 | not yet calculated | CVE-2024-24034 cve@mitre.org |
sharp_nec_display_solutions_ltd -- mutiple_products | Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allow an attacker to execute remote code by sending unintended parameters in an HTTP request. | 2024-02-05 | not yet calculated | CVE-2023-7077 psirt-info@cyber.jp.nec.com |
shenzen_tenda_technology -- cp3v2 | An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | 2024-02-07 | not yet calculated | CVE-2024-24488 cve@mitre.org |
sofware_publico -- e-sic_livre | File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | 2024-02-08 | not yet calculated | CVE-2024-24350 cve@mitre.org cve@mitre.org |
sonicwall -- sonicos | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 2024-02-08 | not yet calculated | CVE-2024-22394 PSIRT@sonicwall.com |
sourcecodester -- event_student_attendance_system | Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter. | 2024-02-09 | not yet calculated | CVE-2024-25302 cve@mitre.org |
stimulsoft -- stimulsoft_dashboard | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | 2024-02-05 | not yet calculated | CVE-2024-24396 cve@mitre.org cve@mitre.org cve@mitre.org |
stimulsoft -- stimulsoft_dashboard | Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. | 2024-02-06 | not yet calculated | CVE-2024-24398 cve@mitre.org cve@mitre.org cve@mitre.org |
stock_management_system -- stock_management_system | SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | 2024-02-05 | not yet calculated | CVE-2023-51951 cve@mitre.org |
supabase -- database | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. | 2024-02-08 | not yet calculated | CVE-2024-24213 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
superwebmailer -- superwebmailer | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. | 2024-02-07 | not yet calculated | CVE-2024-24131 cve@mitre.org |
symphony -- symphony | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 2024-02-05 | not yet calculated | CVE-2024-23049 cve@mitre.org |
tenda -- ac9 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | 2024-02-05 | not yet calculated | CVE-2024-24543 cve@mitre.org |
veeam -- recovery_orchestrator | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | 2024-02-07 | not yet calculated | CVE-2024-22021 support@hackerone.com |
veeam -- recovery_orchestrator | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | 2024-02-07 | not yet calculated | CVE-2024-22022 support@hackerone.com |
vim -- vim | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. | 2024-02-05 | not yet calculated | CVE-2024-22667 cve@mitre.org |
withsecure -- withsecure_client_security | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later. | 2024-02-08 | not yet calculated | CVE-2024-23764 cve@mitre.org |
xmall -- xmall | xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | 2024-02-06 | not yet calculated | CVE-2024-24112 cve@mitre.org |
xuxueli -- xxl-job | xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged users to control the executor, leading to RCE. | 2024-02-08 | not yet calculated | CVE-2024-24113 cve@mitre.org |
yealink -- yealink_meeting_server | Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | 2024-02-08 | not yet calculated | CVE-2024-24091 cve@mitre.org |
yzmcms -- yzmcms | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | 2024-02-06 | not yet calculated | CVE-2024-24291 cve@mitre.org |