Vulnerability Summary for the Week of February 12, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
9bis -- kitty | KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | 2024-02-09 | 7.8 | CVE-2024-23749 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
9bis -- kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | 7.8 | CVE-2024-25003 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
9bis -- kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | 7.8 | CVE-2024-25004 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20726 psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20727 psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20728 psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20729 psirt@adobe.com psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20730 psirt@adobe.com psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20731 psirt@adobe.com psirt@adobe.com |
adobe -- adobe_framemaker | Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-02-15 | 9.8 | CVE-2024-20738 psirt@adobe.com |
adobe -- audition | Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20739 psirt@adobe.com |
adobe -- commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. | 2024-02-15 | 9.1 | CVE-2024-20719 psirt@adobe.com |
adobe -- commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | 2024-02-15 | 9.1 | CVE-2024-20720 psirt@adobe.com |
adobe -- substance3d_-_designer | Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20750 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20723 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20740 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20741 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20742 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20743 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20744 psirt@adobe.com |
alayacare -- procura_portal | Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms. | 2024-02-16 | 8.6 | CVE-2023-6451 vdp@themissinglink.com.au |
alfio-event -- alf.io | Alf.io is a free and open-source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 7.6 | CVE-2024-25628 security-advisories@github.com |
angular -- angular | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | 2024-02-10 | 7.5 | CVE-2024-21490 report@snyk.io report@snyk.io |
apache -- solr | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | 2024-02-09 | 8.8 | CVE-2023-50386 security@apache.org security@apache.org |
apache -- solr | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' | 2024-02-09 | 7.5 | CVE-2023-50291 security@apache.org security@apache.org |
apache -- solr | Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | 2024-02-09 | 7.5 | CVE-2023-50292 security@apache.org security@apache.org |
apache -- solr | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. | 2024-02-09 | 7.5 | CVE-2023-50298 security@apache.org security@apache.org security@apache.org |
azure -- azure-uamqp_c | The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. | 2024-02-12 | 9.8 | CVE-2024-25110 security-advisories@github.com security-advisories@github.com |
boostmyshop -- boostmyshop | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | 2024-02-09 | 9.8 | CVE-2024-24308 cve@mitre.org |
code-projects -- cinema_seat_reservation_system | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | 2024-02-09 | 9.8 | CVE-2024-25307 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php." | 2024-02-09 | 8.8 | CVE-2024-25304 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. | 2024-02-09 | 8.8 | CVE-2024-25305 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". | 2024-02-09 | 8.8 | CVE-2024-25306 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. | 2024-02-09 | 8.8 | CVE-2024-25308 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. | 2024-02-09 | 8.8 | CVE-2024-25309 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5." | 2024-02-09 | 8.8 | CVE-2024-25310 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5." | 2024-02-09 | 8.8 | CVE-2024-25312 cve@mitre.org |
code-projects -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. | 2024-02-09 | 8.8 | CVE-2024-25313 cve@mitre.org |
comarch -- erp_xl | Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 7.4 | CVE-2023-4537 cvd@cert.pl cvd@cert.pl |
comarch -- erp_xl | Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 7.5 | CVE-2023-4539 cvd@cert.pl cvd@cert.pl |
contiki-ng -- contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484. | 2024-02-14 | 8.6 | CVE-2023-50927 security-advisories@github.com security-advisories@github.com |
contiki-ng -- contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the "develop" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741. | 2024-02-14 | 7 | CVE-2023-48229 security-advisories@github.com security-advisories@github.com |
contiki-ng -- contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721. | 2024-02-14 | 7.5 | CVE-2023-50926 security-advisories@github.com security-advisories@github.com |
dell -- dell_smartfabric_os10 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-15 | 9.1 | CVE-2023-28078 security_alert@emc.com |
dell -- dell_smartfabric_os10 | Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-15 | 9.8 | CVE-2023-32462 security_alert@emc.com |
dell -- enterprise_sonic_os | Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-15 | 9.8 | CVE-2023-32484 security_alert@emc.com |
dell -- esi_(enterprise_storage_integrator)_for_sap_lama | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | 2024-02-15 | 9.8 | CVE-2023-39245 security_alert@emc.com |
dell -- esi_(enterprise_storage_integrator)_for_sap_lama | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access control vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability to gain unrestricted access to the SOAP APIs. | 2024-02-15 | 7.3 | CVE-2023-39244 security_alert@emc.com |
dell -- powerprotect_data_manager | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change | 2024-02-13 | 8.8 | CVE-2024-22454 security_alert@emc.com |
dell -- powerprotect_data_manager | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2024-02-13 | 7.2 | CVE-2024-22445 security_alert@emc.com |
dell -- recoverpoint_for_vms | Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise. | 2024-02-16 | 7.2 | CVE-2024-22426 security_alert@emc.com |
dell -- supportassist_client_consumer | Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 | 2024-02-14 | 7.2 | CVE-2023-25535 security_alert@emc.com |
dell -- supportassist_for_home_pcs | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | 2024-02-14 | 7.8 | CVE-2023-44283 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges. | 2024-02-12 | 7.8 | CVE-2024-0164 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0165 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | 2024-02-12 | 7.8 | CVE-2024-0166 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0167 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0168 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0170 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | 2024-02-12 | 7.8 | CVE-2024-22222 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | 2024-02-12 | 7.8 | CVE-2024-22223 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22224 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22225 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22227 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22228 security_alert@emc.com |
diracgrid -- dirac | DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-24825 security-advisories@github.com security-advisories@github.com |
ebm_technologies -- risweb | EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records. | 2024-02-15 | 9.8 | CVE-2024-26264 twcert@cert.org.tw |
ebm_technologies -- uniweb/solipacs_webserver | EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | 2024-02-15 | 8.8 | CVE-2024-26262 twcert@cert.org.tw |
ec-web -- fs-ezviewer(web) | EC-WEB FS-EZViewer (Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | 2024-02-15 | 8.8 | CVE-2024-1523 twcert@cert.org.tw |
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 2024-02-09 | 9.1 | CVE-2023-43609 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-46687 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-49716 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 2024-02-09 | 8.1 | CVE-2023-51761 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
enlightenment -- imlib2 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 8.8 | CVE-2024-25447 cve@mitre.org cve@mitre.org |
enlightenment -- imlib2 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 8.8 | CVE-2024-25448 cve@mitre.org cve@mitre.org |
enlightenment -- imlib2 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | 2024-02-09 | 8.8 | CVE-2024-25450 cve@mitre.org cve@mitre.org |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23322 security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23324 security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn't supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23325 security-advisories@github.com security-advisories@github.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23327 security-advisories@github.com security-advisories@github.com |
eset_spol_s_r.o. -- eset_nod32_antivirus | Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET's file operations to delete files without having proper permission. | 2024-02-15 | 7.8 | CVE-2024-0353 security@eset.com |
f5 -- big-ip | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 8.7 | CVE-2024-22093 f5sirt@f5.com |
f5 -- big-ip | When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-21763 f5sirt@f5.com |
f5 -- big-ip | For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-21771 f5sirt@f5.com |
f5 -- big-ip | When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-21789 f5sirt@f5.com |
f5 -- big-ip | When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-21849 f5sirt@f5.com |
f5 -- big-ip | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.2 | CVE-2024-22389 f5sirt@f5.com |
f5 -- big-ip | When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23308 f5sirt@f5.com |
f5 -- big-ip | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23314 f5sirt@f5.com |
f5 -- big-ip | Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23805 f5sirt@f5.com |
f5 -- big-ip | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23979 f5sirt@f5.com |
f5 -- big-ip | When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23982 f5sirt@f5.com |
f5 -- nginx_plus | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-24989 f5sirt@f5.com |
f5 -- nginx_plus | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-24990 f5sirt@f5.com |
filseclab -- twister_antivirus | Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver. | 2024-02-13 | 7.8 | CVE-2024-1096 help@fluidattacks.com help@fluidattacks.com |
flusity -- flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | 2024-02-11 | 8.8 | CVE-2024-25417 cve@mitre.org |
flusity -- flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | 2024-02-11 | 8.8 | CVE-2024-25418 cve@mitre.org |
flusity -- flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | 2024-02-11 | 8.8 | CVE-2024-25419 cve@mitre.org |
fortinet -- forticlientems | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. | 2024-02-15 | 8.8 | CVE-2023-45581 psirt@fortinet.com |
fortinet -- fortiproxy | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | 2024-02-09 | 9.8 | CVE-2024-21762 psirt@fortinet.com |
fortinet -- fortiswitchmanager | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. | 2024-02-15 | 9.8 | CVE-2024-23113 psirt@fortinet.com |
g5theme -- ere_recently_viewed_essential_real_estate_add-on | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed - Essential Real Estate Add-On. This issue affects ERE Recently Viewed - Essential Real Estate Add-On: from n/a through 1.3. | 2024-02-12 | 9.8 | CVE-2024-24797 audit@patchstack.com |
gambio -- gambio | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | 2024-02-12 | 9.8 | CVE-2024-23759 cve@mitre.org |
gambio -- gambio | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | 2024-02-12 | 9.8 | CVE-2024-23761 cve@mitre.org |
gambio -- gambio | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 2024-02-12 | 9.8 | CVE-2024-23763 cve@mitre.org |
gambio -- gambio | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | 2024-02-12 | 7.8 | CVE-2024-23762 cve@mitre.org |
getcomposer -- composer | Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:```sh rm vendor/composer/installed.php vendor/composer/InstalledVersions.php composer install --no-scripts --no-plugins ``` | 2024-02-09 | 7.8 | CVE-2024-24821 security-advisories@github.com security-advisories@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 9.1 | CVE-2024-1355 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1359 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collected configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1369 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1372 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1374 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1378 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 8 | CVE-2024-1354 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-14 | 7.1 | CVE-2024-1482 product-cna@github.com product-cna@github.com product-cna@github.com |
grafana -- grafana_son_datasource | The JSON data source plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the data source was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the data source which issues queries containing path traversal characters, which would in turn cause the data source to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) https://example.com/api/admin_api/) . In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability. | 2024-02-14 | 8 | CVE-2023-5123 security@grafana.com |
hcltech -- sametime | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | 2024-02-09 | 8.8 | CVE-2023-50349 psirt@hcl.com |
hgiga -- oaklouds | The functionality for synchronization in HGiga OAKlouds' certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. | 2024-02-15 | 9.8 | CVE-2024-26260 twcert@cert.org.tw |
hgiga -- oaklouds | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. | 2024-02-15 | 9.8 | CVE-2024-26261 twcert@cert.org.tw |
hima -- f30_03x_yy_(com) | An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. | 2024-02-13 | 7.5 | CVE-2024-24781 info@cert.vde.com |
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | 2024-02-09 | 9.8 | CVE-2024-25314 cve@mitre.org |
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | 2024-02-09 | 9.8 | CVE-2024-25315 cve@mitre.org |
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | 2024-02-09 | 9.8 | CVE-2024-25316 cve@mitre.org |
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | 2024-02-09 | 8.8 | CVE-2024-25318 cve@mitre.org |
hugin_project -- hugin | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25442 cve@mitre.org cve@mitre.org |
hugin_project -- hugin | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25443 cve@mitre.org cve@mitre.org |
hugin_project -- hugin | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 2024-02-09 | 7.8 | CVE-2024-25445 cve@mitre.org cve@mitre.org |
hugin_project -- hugin | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25446 cve@mitre.org cve@mitre.org |
ibm -- engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | 2024-02-09 | 8.8 | CVE-2023-45187 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | 2024-02-09 | 7.5 | CVE-2023-45191 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- semeru_runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | 2024-02-10 | 7.5 | CVE-2024-22361 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | 2024-02-10 | 7.2 | CVE-2023-50957 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | 2024-02-10 | 7.8 | CVE-2024-22313 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811. | 2024-02-17 | 7.1 | CVE-2022-41737 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812. | 2024-02-17 | 7.5 | CVE-2022-41738 psirt@us.ibm.com psirt@us.ibm.com |
icinga -- icinga | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | 2024-02-09 | 8.3 | CVE-2024-24820 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
icinga -- icingaweb2-module-incubator | icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 8.8 | CVE-2024-24819 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
innovadeluxe -- manufacturer_or_supplier_alphabetical_search | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | 2024-02-09 | 9.8 | CVE-2023-46350 cve@mitre.org |
intel -- intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 8.8 | CVE-2023-39425 secure@intel.com |
intel -- intel(r)_oneapi_dpc++/c++_compiler_software | Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler software before version 2023.2.1 may allow authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.8 | CVE-2023-35121 secure@intel.com |
intel -- intel(r)_pcm_software | Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access. | 2024-02-14 | 7.5 | CVE-2023-34351 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access. | 2024-02-14 | 7.1 | CVE-2023-33875 secure@intel.com |
intel -- intel(r)_sur_software | Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 7.1 | CVE-2023-39941 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in the Intel(R) Thunderbolt (TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 8.2 | CVE-2023-22293 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper input validation in some Intel(R) Thunderbolt (TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.7 | CVE-2023-22342 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt (TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.9 | CVE-2023-25777 secure@intel.com |
isc -- bind_9 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-4408 security-officer@isc.org security-officer@isc.org security-officer@isc.org |
isc -- bind_9 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-5517 security-officer@isc.org security-officer@isc.org security-officer@isc.org |
isc -- bind_9 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-5679 security-officer@isc.org security-officer@isc.org security-officer@isc.org |
isc -- bind_9 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. | 2024-02-13 | 7.5 | CVE-2023-6516 security-officer@isc.org security-officer@isc.org security-officer@isc.org |
ivanti -- connect_secure | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | 2024-02-13 | 8.3 | CVE-2024-22024 support@hackerone.com |
linksys -- wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-09 | 7.5 | CVE-2024-1404 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
litespeedtech -- lsquic | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 2024-02-09 | 9.8 | CVE-2024-25678 cve@mitre.org cve@mitre.org cve@mitre.org |
manageengine -- exchange_reporter_plus | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. | 2024-02-16 | 8.3 | CVE-2024-21775 0fc0942c-577d-436f-ae8e-945763c79b02 |
mhenrixon -- sidekiq-unique-jobs | sidekiq-unique-jobs is an open-source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 7.1 | CVE-2024-25122 security-advisories@github.com security-advisories@github.com |
microsoft -- .net_6.0 | .NET Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21404 secure@microsoft.com |
microsoft -- asp.net_core_6.0 | .NET Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21386 secure@microsoft.com |
microsoft -- azure_connected_machine_agent | Azure Connected Machine Agent Elevation of Privilege Vulnerability | 2024-02-13 | 7.3 | CVE-2024-21329 secure@microsoft.com |
microsoft -- azure_devops_server_2022 | Azure DevOps Server Remote Code Execution Vulnerability | 2024-02-13 | 7.5 | CVE-2024-20667 secure@microsoft.com |
microsoft -- azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | 2024-02-13 | 9 | CVE-2024-21376 secure@microsoft.com |
microsoft -- azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 2024-02-13 | 9 | CVE-2024-21403 secure@microsoft.com |
microsoft -- azure_site_recovery | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | 2024-02-13 | 9.3 | CVE-2024-21364 secure@microsoft.com |
microsoft -- entra | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21401 secure@microsoft.com |
microsoft -- microsoft_365_apps_for_enterprise | Microsoft Office OneNote Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21384 secure@microsoft.com |
microsoft -- microsoft_365_apps_for_enterprise | Microsoft Outlook Elevation of Privilege Vulnerability | 2024-02-13 | 7.1 | CVE-2024-21402 secure@microsoft.com |
microsoft -- microsoft_defender_for_endpoint_for_windows | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21315 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 8.2 | CVE-2024-21395 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Sales Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21328 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21389 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21393 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Field Service Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21394 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Sales Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21396 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_business_central_2022_release_wave_2 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | 2024-02-13 | 8 | CVE-2024-21380 secure@microsoft.com |
microsoft -- microsoft_dynamics_365_customer_engagement_v9.1 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21327 secure@microsoft.com |
microsoft -- microsoft_exchange_server_2016_cumulative_update_23 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21410 secure@microsoft.com |
microsoft -- microsoft_office_2019 | Microsoft Outlook Remote Code Execution Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21413 secure@microsoft.com secure@microsoft.com |
microsoft -- microsoft_office_2019 | Microsoft Outlook Remote Code Execution Vulnerability | 2024-02-13 | 8 | CVE-2024-21378 secure@microsoft.com |
microsoft -- microsoft_office_2019 | Microsoft Office Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-20673 secure@microsoft.com |
microsoft -- microsoft_office_2019 | Microsoft Word Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21379 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21349 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21350 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21352 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2024-02-13 | 8.1 | CVE-2024-21357 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21358 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21359 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21360 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21361 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21365 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21366 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21367 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21368 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21369 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21370 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows OLE Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21372 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21375 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21391 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21420 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21338 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21347 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21348 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21354 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21355 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21363 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21371 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows DNS Information Disclosure Vulnerability | 2024-02-13 | 7.1 | CVE-2024-21377 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21405 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Printing Service Spoofing Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21406 secure@microsoft.com |
microsoft -- windows_11_version_21h2 | Internet Shortcut Files Security Feature Bypass Vulnerability | 2024-02-13 | 8.1 | CVE-2024-21412 secure@microsoft.com |
microsoft -- windows_11_version_21h2 | Win32k Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21346 secure@microsoft.com |
microsoft -- windows_11_version_22h2 | Windows DNS Client Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21342 secure@microsoft.com |
microsoft -- windows_11_version_23h2 | Windows SmartScreen Security Feature Bypass Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21351 secure@microsoft.com |
microsoft -- windows_server_2022_23h2_edition_(server_core_installation) | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21345 secure@microsoft.com |
microsoft -- windows_server_2022_23h2_edition_(server_core_installation) | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21353 secure@microsoft.com |
minbrowser -- min | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | 2024-02-09 | 8.8 | CVE-2024-25677 cve@mitre.org |
misp -- misp | An issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type. | 2024-02-09 | 9.8 | CVE-2024-25674 cve@mitre.org cve@mitre.org |
misp -- misp | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | 2024-02-09 | 9.8 | CVE-2024-25675 cve@mitre.org cve@mitre.org |
nlnet_labs -- unbound | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | 2024-02-15 | 8 | CVE-2024-1488 secalert@redhat.com secalert@redhat.com |
objectcomputing -- micronaut | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | 2024-02-09 | 7.8 | CVE-2024-23639 security-advisories@github.com security-advisories@github.com |
objectcomputing -- opendds | In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system. | 2024-02-11 | 7.5 | CVE-2023-52427 cve@mitre.org |
oduyo -- online_collection | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 2024-02-09 | 9.8 | CVE-2023-6677 iletisim@usom.gov.tr |
open-mss -- mss | MSS (Mission Support System) is an open-source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\). So, it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-15 | 7.3 | CVE-2024-25123 security-advisories@github.com security-advisories@github.com |
open-xchange_gmbh -- ox_app_suite | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | 2024-02-14 | 7.1 | CVE-2023-27975 cybersecurity@se.com |
open-xchange_gmbh -- ox_app_suite | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user's sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known. | 2024-02-12 | 7.1 | CVE-2023-41704 security@open-xchange.com security@open-xchange.com |
openidc -- mod_auth_openidc | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 7.5 | CVE-2024-24814 security-advisories@github.com security-advisories@github.com |
openrefine -- openrefine | OpenRefine is a free, open-source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 7.5 | CVE-2024-23833 security-advisories@github.com security-advisories@github.com |
opentext -- alm_octane | Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | 2024-02-15 | 7.5 | CVE-2023-6123 security@opentext.com |
opentext -- operations_agent | Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on no-Windows platforms. The vulnerability could allow local privilege escalation. | 2024-02-15 | 8.8 | CVE-2024-0622 security@opentext.com |
oracle_corporation -- agile_plm_framework | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2024-02-17 | 8.8 | CVE-2024-20953 secalert_us@oracle.com |
oracle_corporation -- agile_product_lifecycle_management_for_process | Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | 2024-02-17 | 7.3 | CVE-2024-20956 secalert_us@oracle.com |
oracle_corporation -- audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 7.5 | CVE-2024-20909 secalert_us@oracle.com |
oracle_corporation -- enterprise_manager_base_platform | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L). | 2024-02-17 | 7.5 | CVE-2024-20917 secalert_us@oracle.com |
oracle_corporation -- weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). | 2024-02-17 | 8.6 | CVE-2024-20927 secalert_us@oracle.com |
oracle_corporation -- weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 7.5 | CVE-2024-20931 secalert_us@oracle.com |
phpems -- phpems | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. | 2024-02-09 | 9.8 | CVE-2024-1353 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pixelfed -- pixelfed | Pixelfed is an open-source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 9.9 | CVE-2024-25108 security-advisories@github.com security-advisories@github.com |
postahsl_ -- online_payment_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | 2024-02-15 | 9.8 | CVE-2023-7081 iletisim@usom.gov.tr |
presta_monster -- multi_accessories_pro | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). | 2024-02-09 | 9.8 | CVE-2023-50026 cve@mitre.org |
propertyhive -- propertyhive | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | 2024-02-12 | 8.7 | CVE-2024-23513 audit@patchstack.com |
rems -- event_student_attendance_system | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. | 2024-02-09 | 9.8 | CVE-2024-25302 cve@mitre.org |
rockwell_automation -- factorytalk_service_platform | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable. | 2024-02-16 | 9 | CVE-2024-21915 PSIRT@rockwellautomation.com |
sap_se -- sap_aba_(application_basis) | In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable. | 2024-02-13 | 9.1 | CVE-2024-22131 cna@sap.com cna@sap.com |
sap_se -- sap_cloud_connector | Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system. | 2024-02-13 | 7.4 | CVE-2024-25642 cna@sap.com cna@sap.com |
sap_se -- sap_crm_webclient_ui | Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation. | 2024-02-13 | 7.6 | CVE-2024-22130 cna@sap.com cna@sap.com |
sap_se -- sap_ides_systems | SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice. An attacker can therefore control the behavior of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | 2024-02-13 | 7.4 | CVE-2024-22132 cna@sap.com cna@sap.com |
sap_se -- sap_netweaver_as_java_(guided_procedures) | SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. | 2024-02-13 | 8.6 | CVE-2024-24743 cna@sap.com cna@sap.com |
sap_se -- sap_netweaver_as_java_(user_admin_application) | The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. | 2024-02-13 | 8.8 | CVE-2024-22126 cna@sap.com cna@sap.com |
schneider_electric -- ecostruxure_control_expert | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | 2024-02-14 | 7.7 | CVE-2023-6409 cybersecurity@se.com |
schneider_electric -- harmony_control_relay_rmnf22tb30 | CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | 2024-02-14 | 8.8 | CVE-2024-0568 cybersecurity@se.com |
schneider_electric -- modicon_m340_cpu_(part_numbers_bmxp34*) | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | 2024-02-14 | 8.1 | CVE-2023-6408 cybersecurity@se.com |
sherlock -- employee_management_system | An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. | 2024-02-14 | 9.8 | CVE-2024-25214 cve@mitre.org |
sherlock -- employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 2024-02-14 | 9.8 | CVE-2024-25215 cve@mitre.org |
sherlock -- employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. | 2024-02-14 | 9.8 | CVE-2024-25216 cve@mitre.org |
sherlock -- employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. | 2024-02-14 | 7.2 | CVE-2024-25212 cve@mitre.org |
sherlock -- employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. | 2024-02-14 | 7.2 | CVE-2024-25213 cve@mitre.org |
siemens -- location_intelligence_perpetual_large | A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | 2024-02-13 | 9.8 | CVE-2024-23816 productcert@siemens.com |
siemens -- parasolid_v35.0 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2023-49125 productcert@siemens.com |
siemens -- polarion_alm | A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code. | 2024-02-13 | 7.3 | CVE-2024-23813 productcert@siemens.com |
siemens -- polarion_alm | A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. | 2024-02-13 | 7.8 | CVE-2023-50236 productcert@siemens.com |
siemens -- simatic_cp_343-1 | A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial-of-service condition by injecting spoofed TCP RST packets. | 2024-02-13 | 7.5 | CVE-2023-51440 productcert@siemens.com |
siemens -- simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710) | 2024-02-13 | 7.8 | CVE-2024-24920 productcert@siemens.com |
siemens -- simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | 2024-02-13 | 7.8 | CVE-2024-24921 productcert@siemens.com |
siemens -- simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715) | 2024-02-13 | 7.8 | CVE-2024-24922 productcert@siemens.com |
siemens -- simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055) | 2024-02-13 | 7.8 | CVE-2024-24923 productcert@siemens.com |
siemens -- simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059) | 2024-02-13 | 7.8 | CVE-2024-24924 productcert@siemens.com |
siemens -- simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060) | 2024-02-13 | 7.8 | CVE-2024-24925 productcert@siemens.com |
siemens -- sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | 2024-02-13 | 8.8 | CVE-2024-23810 productcert@siemens.com |
siemens -- sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution. | 2024-02-13 | 8.8 | CVE-2024-23811 productcert@siemens.com |
siemens -- sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | 2024-02-13 | 8 | CVE-2024-23812 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23795 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23796 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23797 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23798 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23802 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23803 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23804 productcert@siemens.com |
siemens -- unicam_fx | A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. | 2024-02-13 | 7.8 | CVE-2024-22042 productcert@siemens.com |
simgesel -- hearing_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | 2024-02-09 | 8.8 | CVE-2023-6724 iletisim@usom.gov.tr |
solarwinds -- access_rights_manager | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | 2024-02-15 | 9 | CVE-2023-40057 psirt@solarwinds.com |
solarwinds -- access_rights_manager | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 2024-02-15 | 9.6 | CVE-2024-23476 psirt@solarwinds.com |
solarwinds -- access_rights_manager | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | 2024-02-15 | 9.6 | CVE-2024-23479 psirt@solarwinds.com |
solarwinds -- access_rights_manager | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | 2024-02-15 | 8 | CVE-2024-23478 psirt@solarwinds.com |
solarwinds -- access_rights_manager | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | 2024-02-15 | 7.9 | CVE-2024-23477 psirt@solarwinds.com |
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | 2024-02-14 | 9.8 | CVE-2024-25220 cve@mitre.org |
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | 2024-02-14 | 9.8 | CVE-2024-25222 cve@mitre.org |
tenable -- security_center | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | 2024-02-14 | 7.2 | CVE-2024-1367 vulnreport@tenable.com |
typo3 -- typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`. | 2024-02-13 | 7.1 | CVE-2024-25121 security-advisories@github.com security-advisories@github.com |
uni-pa_university_marketing_&_computer_internet_trade_inc -- university_information_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | 2024-02-14 | 9.8 | CVE-2023-6441 iletisim@usom.gov.tr |
utarit_information_technologies -- solipay_mobile_app | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 9.8 | CVE-2023-5155 iletisim@usom.gov.tr |
utarit_information_technologies -- solipay_mobile_app | Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 7.5 | CVE-2023-4993 iletisim@usom.gov.tr |
utarit_information_technologies -- solipay_mobile_app | Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 7.5 | CVE-2023-6255 iletisim@usom.gov.tr |
vercel -- pkg | pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realizing it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. | 2024-02-09 | 7.8 | CVE-2024-24828 security-advisories@github.com security-advisories@github.com |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-10 | 8.8 | CVE-2024-0594 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | 2024-02-09 | 7.5 | CVE-2024-0842 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-17 | 9.8 | CVE-2024-0610 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-17 | 9.8 | CVE-2024-1512 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin: from n/a through 4.1.1. | 2024-02-12 | 8.2 | CVE-2024-24796 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 2024-02-12 | 7.5 | CVE-2024-24926 audit@patchstack.com |
wp_swings -- coupon_referral_program | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | 2024-02-12 | 10 | CVE-2024-25100 audit@patchstack.com |
wpxpo -- productx_woocommerce_builder_&_gutenberg_woocommerce_blocks | Deserialization of Untrusted Data vulnerability in wpxpo ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. | 2024-02-12 | 8.7 | CVE-2024-23512 audit@patchstack.com |
x.org -- x.org | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | 2024-02-09 | 7.8 | CVE-2024-0229 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
zoom_video_communications,_inc -- zoom_desktop_client_for_windows,_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | 2024-02-14 | 9.6 | CVE-2024-24691 security@zoom.us |
zoom_video_communications_inc -- zoom_clients | Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. | 2024-02-14 | 7.2 | CVE-2024-24697 security@zoom.us |
f5 -- big-ip | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-24775 f5sirt@f5.com |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20733 psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20734 psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20735 psirt@adobe.com psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20736 psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20747 psirt@adobe.com psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20748 psirt@adobe.com psirt@adobe.com |
adobe -- acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20749 psirt@adobe.com psirt@adobe.com |
adobe -- commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. | 2024-02-15 | 6.5 | CVE-2024-20718 psirt@adobe.com |
adobe -- commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-02-15 | 5.4 | CVE-2024-20717 psirt@adobe.com |
adobe -- commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction. | 2024-02-15 | 4.9 | CVE-2024-20716 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20722 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20724 psirt@adobe.com |
adobe -- substance_3d_painter | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20725 psirt@adobe.com |
algosec -- algosec_fireflow | Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above) | 2024-02-15 | 5.1 | CVE-2023-46596 security.vulnerabilities@algosec.com |
apache_software_foundation -- apache_superset | This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | 2024-02-14 | 6.5 | CVE-2024-23952 security@apache.org security@apache.org security@apache.org |
ari_soft -- contact_form_7_connector | Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2. | 2024-02-12 | 4.3 | CVE-2024-24884 audit@patchstack.com |
automattic -- crowdsignal_dashboard | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.0.11. | 2024-02-10 | 6.1 | CVE-2023-51488 audit@patchstack.com |
automattic -- sensei_lms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automatic Sensei LMS - Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS - Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | 2024-02-12 | 5.4 | CVE-2023-50875 audit@patchstack.com |
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | 2024-02-09 | 6.5 | CVE-2024-25451 cve@mitre.org |
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | 2024-02-09 | 5.5 | CVE-2024-25452 cve@mitre.org |
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | 2024-02-09 | 5.5 | CVE-2024-25453 cve@mitre.org cve@mitre.org |
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | 2024-02-09 | 5.5 | CVE-2024-25454 cve@mitre.org |
ays-pro -- chartify | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify - WordPress Chart Plugin allows Stored XSS.This issue affects Chartify - WordPress Chart Plugin: from n/a through 2.0.6. | 2024-02-12 | 4.8 | CVE-2023-47526 audit@patchstack.com |
badge -- hacker_hotel_badge | Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial-of-service attack. Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. | 2024-02-11 | 5.7 | CVE-2024-21875 csirt@divd.nl csirt@divd.nl |
barangay_management_system_project -- barangay_management_system | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter. | 2024-02-14 | 5.4 | CVE-2024-25207 cve@mitre.org |
barangay_management_system_project -- barangay_management_system | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter. | 2024-02-14 | 5.4 | CVE-2024-25208 cve@mitre.org |
beds24 -- online_booking | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.23. | 2024-02-10 | 4.8 | CVE-2024-24717 audit@patchstack.com |
beyondtrust -- privilege_management_for_windows | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges. | 2024-02-16 | 6.3 | CVE-2024-25083 cve@mitre.org |
calculatorsworld -- cc_bmi_calculator | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through 2.0.1. | 2024-02-10 | 5.4 | CVE-2024-23516 audit@patchstack.com |
canonical_ltd -- lxd | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. | 2024-02-14 | 6.7 | CVE-2023-48733 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
canonical_ltd -- lxd | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | 2024-02-14 | 6.7 | CVE-2023-49721 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
clicktotweet -- click_to_tweet | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-02-10 | 5.4 | CVE-2024-23514 audit@patchstack.com |
comarch -- erp_xl | The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 6.2 | CVE-2023-4538 cvd@cert.pl cvd@cert.pl |
concretecms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. | 2024-02-09 | 4.8 | CVE-2024-1245 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concretecms -- concrete_cms | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user's browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | 2024-02-09 | 4.8 | CVE-2024-1246 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concretecms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. | 2024-02-09 | 4.8 | CVE-2024-1247 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
content_cards_project -- content_cards | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS.This issue affects Content Cards: from n/a through 0.9.7. | 2024-02-12 | 5.4 | CVE-2024-24928 audit@patchstack.com |
dell -- bsafe_ssl-j | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 2024-02-10 | 4.4 | CVE-2023-28077 security_alert@emc.com |
dell -- mobility_e-lab_navigator | Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability in Feedback submission. An attacker could potentially exploit this vulnerability, to manipulate the email's appearance, potentially deceiving recipients and causing reputational and security risks. | 2024-02-14 | 4.4 | CVE-2024-22455 security_alert@emc.com |
dell -- recoverpoint_for_vms | Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. | 2024-02-16 | 6.5 | CVE-2024-22425 security_alert@emc.com |
dell -- secure_connect_gateway-application | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 2024-02-14 | 5.4 | CVE-2023-44293 security_alert@emc.com |
dell -- secure_connect_gateway-application | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 2024-02-14 | 5.4 | CVE-2023-44294 security_alert@emc.com |
dell -- supportassist_client_consumer | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | 2024-02-14 | 6.3 | CVE-2023-39249 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information. | 2024-02-12 | 6.5 | CVE-2024-22221 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges. | 2024-02-12 | 6.5 | CVE-2024-22226 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems. | 2024-02-12 | 5.4 | CVE-2024-0169 security_alert@emc.com |
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser. | 2024-02-12 | 5.4 | CVE-2024-22230 security_alert@emc.com |
derhansen -- sf_event_mgt | sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 4.3 | CVE-2024-24751 security-advisories@github.com security-advisories@github.com |
ebm_technologies -- risweb | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | 2024-02-15 | 5.3 | CVE-2024-26263 twcert@cert.org.tw |
ecshop -- ecshop | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability. | 2024-02-15 | 6.3 | CVE-2024-1530 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-23323 security-advisories@github.com security-advisories@github.com |
exiv2 -- exiv2 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 5.5 | CVE-2024-24826 security-advisories@github.com security-advisories@github.com |
exiv2 -- exiv2 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 5.5 | CVE-2024-25112 security-advisories@github.com security-advisories@github.com |
f5 -- big-ip | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 6.7 | CVE-2024-21782 f5sirt@f5.com |
f5 -- big-ip | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 6 | CVE-2024-23976 f5sirt@f5.com |
f5 -- big-ip_next_spk | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 4.4 | CVE-2024-23306 f5sirt@f5.com |
f5 -- f5os_-_appliance | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 6.2 | CVE-2024-24966 f5sirt@f5.com |
f5 -- f5os_-_appliance | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 5.5 | CVE-2024-23607 f5sirt@f5.com |
filseclab -- twister_antivirus | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. | 2024-02-13 | 5.8 | CVE-2024-1140 help@fluidattacks.com help@fluidattacks.com |
filseclab -- twister_antivirus | Twister Antivirus v8.17 is vulnerable to a Denial-of-Service vulnerability by triggering the 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver. | 2024-02-13 | 5.5 | CVE-2024-1216 help@fluidattacks.com help@fluidattacks.com |
fortinet -- fortimanager | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | 2024-02-15 | 5 | CVE-2023-44253 psirt@fortinet.com |
fortinet -- fortinac | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | 2024-02-15 | 6.8 | CVE-2023-26206 psirt@fortinet.com |
fortinet -- fortios | An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | 2024-02-15 | 4.8 | CVE-2023-47537 psirt@fortinet.com |
geek_code_lab -- all_404_pages_redirect_to_homepage | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9. | 2024-02-12 | 6.1 | CVE-2024-24889 audit@patchstack.com |
getawesomesupport -- awesome_support | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | 2024-02-10 | 4.3 | CVE-2024-0595 security@wordfence.com security@wordfence.com security@wordfence.com |
getgrav -- grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 2024-02-09 | 5.4 | CVE-2023-31506 cve@mitre.org |
github -- enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 6.3 | CVE-2024-1082 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 6.5 | CVE-2024-1084 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | 2024-02-12 | 6.5 | CVE-2024-1250 cve@gitlab.com |
givewp -- givewp | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 3.2.2. | 2024-02-10 | 5.4 | CVE-2023-51415 audit@patchstack.com |
glewlwyd_sso_server_project -- glewlwyd_sso_server | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | 2024-02-11 | 6.1 | CVE-2024-25715 cve@mitre.org cve@mitre.org |
grafana -- grafana | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. | 2024-02-13 | 5.4 | CVE-2023-6152 security@grafana.com security@grafana.com |
grafana -- grafana-csv-datasource | Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator | 2024-02-14 | 5 | CVE-2023-5122 security@grafana.com |
greenpau -- github.com/greenpau/caddy-security | Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package. | 2024-02-17 | 6.5 | CVE-2024-21495 report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user's browser, compromising user sessions. | 2024-02-17 | 6.1 | CVE-2024-21496 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server. | 2024-02-17 | 5.3 | CVE-2024-21493 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | 2024-02-17 | 5.4 | CVE-2024-21494 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser's back button, to trigger the redirection. | 2024-02-17 | 5.4 | CVE-2024-21497 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. | 2024-02-17 | 5.3 | CVE-2024-21498 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active, but supposedly logged-out session can perform unauthorized actions on behalf of the user. | 2024-02-17 | 4.8 | CVE-2024-21492 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS. | 2024-02-17 | 4.3 | CVE-2024-21499 report@snyk.io report@snyk.io report@snyk.io |
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application's full multistep 2FA process. | 2024-02-17 | 4.8 | CVE-2024-21500 report@snyk.io report@snyk.io report@snyk.io |
hcl_software -- hcl_connections | HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | 2024-02-12 | 5.5 | CVE-2023-28018 psirt@hcl.com |
helm -- helm | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. | 2024-02-15 | 6.4 | CVE-2024-25620 security-advisories@github.com security-advisories@github.com |
hima -- f30_03x_yy_(com) | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. | 2024-02-13 | 4.3 | CVE-2024-24782 info@cert.vde.com |
howardehrenberg -- custom_post_carousels_with_owl | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS.This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. | 2024-02-10 | 5.4 | CVE-2023-51493 audit@patchstack.com |
ibm -- cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | 2024-02-12 | 5.9 | CVE-2022-34309 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
ibm -- cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | 2024-02-12 | 5.9 | CVE-2022-34310 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
ibm -- cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446. | 2024-02-12 | 4.3 | CVE-2022-34311 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
ibm -- datastage_on_cloud_pak_for_data | IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. | 2024-02-12 | 4.9 | CVE-2022-38714 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | 2024-02-09 | 6.1 | CVE-2023-45190 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. | 2024-02-09 | 5.5 | CVE-2024-22318 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
ibm -- integration_bus | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | 2024-02-09 | 6.5 | CVE-2024-22332 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. | 2024-02-14 | 5.3 | CVE-2023-46186 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. | 2024-02-17 | 5.1 | CVE-2024-22335 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. | 2024-02-17 | 5.1 | CVE-2024-22336 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. | 2024-02-17 | 5.1 | CVE-2024-22337 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. | 2024-02-17 | 4 | CVE-2023-50951 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- robotic_process_automation | IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293. | 2024-02-12 | 4.6 | CVE-2022-22506 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | 2024-02-09 | 6.5 | CVE-2023-32341 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | 2024-02-09 | 4.3 | CVE-2023-42016 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | 2024-02-10 | 5.5 | CVE-2024-22312 psirt@us.ibm.com psirt@us.ibm.com |
if-so -- dynamic_content_personalization | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. | 2024-02-10 | 5.4 | CVE-2023-51492 audit@patchstack.com |
intel -- acat_software_maintained_by_intel(r) | Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-41231 secure@intel.com |
intel -- intel(r)_battery_life_diagnostic_tool_software | Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-35060 secure@intel.com |
intel -- intel(r)_binary_configuration_tool_software | Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-24591 secure@intel.com |
intel -- intel(r)_c++_compiler_classic | Improper buffer restrictions in some Intel(R) C++ Compiler Classic before version 2021.8 may allow authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6 | CVE-2023-29162 secure@intel.com |
intel -- intel(r)_chipset_driver_software | Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-25174 secure@intel.com |
intel -- intel(r)_chipset_driver_software | Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-28739 secure@intel.com |
intel -- intel(r)_cip_software | Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-35769 secure@intel.com |
intel -- intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.3 | CVE-2023-35062 secure@intel.com |
intel -- intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5.5 | CVE-2023-25073 secure@intel.com |
intel -- intel(r)_ethernet_tools_and_driver_install_software | Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-33870 secure@intel.com |
intel -- intel(r)_ethernet_tools_and_driver_install_software | Improper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-39432 secure@intel.com |
intel -- intel(r)_ispc_software | Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-38566 secure@intel.com |
intel -- intel(r)_mas_software | Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5 | CVE-2023-36490 secure@intel.com |
intel -- intel(r)_mpi_library_software | Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-41091 secure@intel.com |
intel -- intel(r)_ofu_software | Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-25945 secure@intel.com |
intel -- intel(r)_oneapi_toolkit_and_component_software_installers | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-32618 secure@intel.com |
intel -- intel(r)_oneapi_toolkit_and_component_software_installers | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5 | CVE-2023-28715 secure@intel.com |
intel -- intel(r)_optane(tm)_pmem_100_series_management_software | Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-22311 secure@intel.com |
intel -- intel(r)_optane(tm)_pmem_software | Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.6 | CVE-2023-27517 secure@intel.com |
intel -- intel(r)_pm_software | Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-38135 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6 | CVE-2023-25951 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 6.1 | CVE-2023-28374 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 6.1 | CVE-2023-28720 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-26586 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-32642 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-32644 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-32651 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-34983 secure@intel.com |
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-35061 secure@intel.com |
intel -- intel(r)_qat_software_drivers_for_windows | Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 6.5 | CVE-2023-41252 secure@intel.com |
intel -- intel(r)_qsfp+_configuration_utility_software | Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-28745 secure@intel.com |
intel -- intel(r)_sdk_for_opencl(tm)_applications_software | Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-36493 secure@intel.com |
intel -- intel(r)_server_product_openbmc_firmware | Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access. | 2024-02-14 | 5.2 | CVE-2023-31189 secure@intel.com |
intel -- intel(r)_server_product_openbmc_firmware | Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access. | 2024-02-14 | 5.3 | CVE-2023-32280 secure@intel.com |
intel -- intel(r)_ssu_software | Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-40156 secure@intel.com |
intel -- intel(r)_sur_for_gameplay_software | Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-39932 secure@intel.com |
intel -- intel(r)_sur_for_gameplay_software | Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-40154 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_controllers_versions | Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. | 2024-02-14 | 6.1 | CVE-2023-28396 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 6.5 | CVE-2023-22390 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.3 | CVE-2023-24481 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-24542 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.1 | CVE-2023-24589 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-25779 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5.5 | CVE-2023-22848 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5.5 | CVE-2023-25769 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5 | CVE-2023-26585 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-24463 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 4.2 | CVE-2023-27301 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 4.6 | CVE-2023-27308 secure@intel.com |
intel -- intel(r)_vroc_software | Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-31271 secure@intel.com |
intel -- intel(r)_vroc_software | Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-32646 secure@intel.com |
intel -- intel(r)_vroc_software | Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-34315 secure@intel.com |
intel -- intel(r)_vroc_software | Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-35003 secure@intel.com |
intel -- intel(r)_xtu_software | Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-28407 secure@intel.com |
intel -- intel(r)_xtu_software | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.8 | CVE-2023-32647 secure@intel.com |
intel -- intel(r)_xtu_software | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 5.5 | CVE-2023-38561 secure@intel.com |
intel -- intel_unite(r)_client_software | Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.6 | CVE-2023-40161 secure@intel.com |
intel -- sps_firmware | Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access. | 2024-02-14 | 4.9 | CVE-2023-29153 secure@intel.com |
intel -- tensorflow | Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 5.5 | CVE-2023-30767 secure@intel.com |
internallinkjuicer -- internal_link_juicer | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-09 | 4.8 | CVE-2024-0657 security@wordfence.com security@wordfence.com |
isc -- bind_9 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 5.3 | CVE-2023-5680 security-officer@isc.org |
jboss -- undertow | A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. | 2024-02-12 | 5.3 | CVE-2024-1459 secalert@redhat.com secalert@redhat.com |
jwcrypto -- jwcrypto | A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial-of-service attack. | 2024-02-12 | 5.3 | CVE-2023-6681 secalert@redhat.com secalert@redhat.com |
kalli_dan -- kd_coming_soon | Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7. | 2024-02-12 | 5.4 | CVE-2023-46615 audit@patchstack.com |
leap13 -- premium_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16. | 2024-02-10 | 5.4 | CVE-2024-24831 audit@patchstack.com |
linksys -- wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1405 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linksys -- wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1406 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linux -- kernel | A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. | 2024-02-11 | 5.5 | CVE-2024-1151 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- linux | A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope. | 2024-02-14 | 6.8 | CVE-2024-1485 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
logichunt -- owl_carousel | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel - WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel - WordPress Owl Carousel Slider: from n/a through 1.4.0. | 2024-02-10 | 5.4 | CVE-2024-24801 audit@patchstack.com |
mastodon -- mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-14 | 4.2 | CVE-2024-25618 security-advisories@github.com security-advisories@github.com |
mattermost -- mattermost_server | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. | 2024-02-09 | 4.3 | CVE-2024-1402 responsibledisclosure@mattermost.com |
mattermost -- mattermost_server | Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 2024-02-09 | 4.1 | CVE-2024-24774 responsibledisclosure@mattermost.com |
mattermost -- mattermost_server | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. | 2024-02-09 | 4.3 | CVE-2024-24776 responsibledisclosure@mattermost.com |
mediawiki -- managewiki | ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability. | 2024-02-09 | 6.5 | CVE-2024-25109 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
microsoft -- azure_file_sync | Microsoft Azure File Sync Elevation of Privilege Vulnerability | 2024-02-13 | 5.3 | CVE-2024-21397 secure@microsoft.com |
microsoft -- azure_stack_hub | Azure Stack Hub Spoofing Vulnerability | 2024-02-13 | 6.5 | CVE-2024-20679 secure@microsoft.com |
microsoft -- entra | Microsoft Azure Active Directory B2C Spoofing Vulnerability | 2024-02-13 | 6.8 | CVE-2024-21381 secure@microsoft.com |
microsoft -- microsoft_teams_for_android | Microsoft Teams for Android Information Disclosure | 2024-02-13 | 5 | CVE-2024-21374 secure@microsoft.com |
microsoft -- skype_for_business_server_2019_cu7 | Skype for Business Information Disclosure Vulnerability | 2024-02-13 | 5.7 | CVE-2024-20695 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | 2024-02-13 | 6.4 | CVE-2024-21339 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Kernel Remote Code Execution Vulnerability | 2024-02-13 | 6.8 | CVE-2024-21341 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 2024-02-13 | 6.5 | CVE-2024-21356 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-02-13 | 5.9 | CVE-2024-21343 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-02-13 | 5.9 | CVE-2024-21344 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Kernel Security Feature Bypass Vulnerability | 2024-02-13 | 5.5 | CVE-2024-21362 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Trusted Compute Base Elevation of Privilege Vulnerability | 2024-02-13 | 4.1 | CVE-2024-21304 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Kernel Information Disclosure Vulnerability | 2024-02-13 | 4.6 | CVE-2024-21340 secure@microsoft.com |
microsoft -- windows_server_2022 | Windows Hyper-V Denial of Service Vulnerability | 2024-02-13 | 6.5 | CVE-2024-20684 secure@microsoft.com |
mitsubishi_electric_corporation -- melsec_iq-r_series_safety_cpu_r08sfcpu | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allow a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | 2024-02-13 | 6.5 | CVE-2023-6815 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp |
moodle -- lms | Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. | 2024-02-12 | 6.5 | CVE-2024-1439 cve-coordination@incibe.es |
netapp -- snapcenter | SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings | 2024-02-16 | 5.4 | CVE-2024-21987 security-alert@netapp.com |
netapp -- storagegrid | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. | 2024-02-16 | 6.5 | CVE-2024-21983 security-alert@netapp.com |
netapp -- storagegrid | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. | 2024-02-16 | 5.9 | CVE-2024-21984 security-alert@netapp.com |
netgear -- r7000_firmware | A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-11 | 6.5 | CVE-2024-1430 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netgear -- r7000_firmware | A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-11 | 6.5 | CVE-2024-1431 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nicdark -- restaurant_reservations | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 1.8. | 2024-02-12 | 6.5 | CVE-2023-51403 audit@patchstack.com |
ninjateam -- wp_chat_app | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4. | 2024-02-12 | 5.9 | CVE-2023-51370 audit@patchstack.com |
nodejs -- undici | Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body. | 2024-02-16 | 6.5 | CVE-2024-24750 security-advisories@github.com security-advisories@github.com |
open-xchange_gmbh -- ox_app_suite | User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known. | 2024-02-12 | 6.1 | CVE-2023-41703 security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh -- ox_app_suite | Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | 2024-02-12 | 6.5 | CVE-2023-41705 security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh -- ox_app_suite | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known. | 2024-02-12 | 6.5 | CVE-2023-41706 security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh -- ox_app_suite | Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | 2024-02-12 | 6.5 | CVE-2023-41707 security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh -- ox_app_suite | References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now more strictly controlled to avoid relative references. No publicly available exploits are known. | 2024-02-12 | 5.4 | CVE-2023-41708 security@open-xchange.com security@open-xchange.com |
oracle_corporation -- application_object_library | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | 2024-02-17 | 6.5 | CVE-2024-20929 secalert_us@oracle.com |
oracle_corporation -- application_object_library | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 5.3 | CVE-2024-20915 secalert_us@oracle.com |
oracle_corporation -- bi_publisher_(formerly_xml_publisher) | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20980 secalert_us@oracle.com |
oracle_corporation -- business_intelligence_enterprise_edition | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20913 secalert_us@oracle.com |
oracle_corporation -- common_applications | Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20947 secalert_us@oracle.com |
oracle_corporation -- crm_technical_foundation | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 4.3 | CVE-2024-20939 secalert_us@oracle.com |
oracle_corporation -- customer_interaction_history | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20949 secalert_us@oracle.com |
oracle_corporation -- customer_interaction_history | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20951 secalert_us@oracle.com |
oracle_corporation -- database_-_enterprise_edition | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 6.5 | CVE-2024-20903 secalert_us@oracle.com |
oracle_corporation -- installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20933 secalert_us@oracle.com |
oracle_corporation -- installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20935 secalert_us@oracle.com |
oracle_corporation -- installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20941 secalert_us@oracle.com |
oracle_corporation -- installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20958 secalert_us@oracle.com |
oracle_corporation -- java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 5.9 | CVE-2024-20919 secalert_us@oracle.com |
oracle_corporation -- java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 5.9 | CVE-2024-20921 secalert_us@oracle.com |
oracle_corporation -- java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 4.7 | CVE-2024-20945 secalert_us@oracle.com |
oracle_corporation -- jd_edwards_enterpriseone_tools | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2024-02-17 | 4.3 | CVE-2024-20937 secalert_us@oracle.com |
oracle_corporation -- knowledge_management | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20943 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 6.5 | CVE-2024-20960 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 6.5 | CVE-2024-20962 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 5.3 | CVE-2024-20964 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20966 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.4 | CVE-2024-20968 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20970 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20972 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20974 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20976 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20978 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20982 secalert_us@oracle.com |
oracle_corporation -- mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.4 | CVE-2024-20984 secalert_us@oracle.com |
oracle_corporation -- sun_zfs_storage_appliance_kit_(ak)_software | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2024-02-17 | 4.3 | CVE-2023-21833 secalert_us@oracle.com |
oracle_corporation -- web_applications_desktop_integrator | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20907 secalert_us@oracle.com |
oracle_corporation -- weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20986 secalert_us@oracle.com |
otwthemes -- buttons_shortcode_and_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16. | 2024-02-12 | 5.4 | CVE-2024-24930 audit@patchstack.com |
palo_alto_networks -- pan-os | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. | 2024-02-14 | 6.8 | CVE-2024-0007 psirt@paloaltonetworks.com |
palo_alto_networks -- pan-os | Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | 2024-02-14 | 6.6 | CVE-2024-0008 psirt@paloaltonetworks.com |
palo_alto_networks -- pan-os | An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. | 2024-02-14 | 6.3 | CVE-2024-0009 psirt@paloaltonetworks.com |
palo_alto_networks -- pan-os | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user's browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | 2024-02-14 | 4.3 | CVE-2024-0010 psirt@paloaltonetworks.com |
palo_alto_networks -- pan-os | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user's browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | 2024-02-14 | 4.3 | CVE-2024-0011 psirt@paloaltonetworks.com |
photoboxone -- smtp_mail | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20. | 2024-02-13 | 4.3 | CVE-2024-25914 audit@patchstack.com |
pluginus -- woot | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6. | 2024-02-10 | 5.4 | CVE-2023-51480 audit@patchstack.com |
pquic -- pquic | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | 2024-02-09 | 6.5 | CVE-2024-25679 cve@mitre.org cve@mitre.org cve@mitre.org |
prasidhdamalla -- honeypot_for_wp_comment | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | 2024-02-12 | 6.1 | CVE-2024-24933 audit@patchstack.com |
python -- python | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. | 2024-02-09 | 6.5 | CVE-2024-21624 security-advisories@github.com security-advisories@github.com |
qnap_systems_inc -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-13 | 5.8 | CVE-2023-47218 security@qnapsecurity.com.tw security@qnapsecurity.com.tw |
qnap_systems_inc -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.2665 build 20240131 and later QTS 4.3.4.2675 build 20240131 and later QTS 4.3.3.2644 build 20240131 and later QTS 4.2.6 build 20240131 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-13 | 5.8 | CVE-2023-50358 security@qnapsecurity.com.tw security@qnapsecurity.com.tw security@qnapsecurity.com.tw |
red_hat -- 389-ds-base | A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | 2024-02-12 | 5.5 | CVE-2024-1062 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- openshift | A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF. | 2024-02-16 | 5.4 | CVE-2024-1342 secalert@redhat.com secalert@redhat.com |
ryan_duff_peter_westwood -- wp_contact_form | Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6. | 2024-02-12 | 4.3 | CVE-2024-24929 audit@patchstack.com |
sametime -- sametime | Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | 2024-02-10 | 4 | CVE-2023-45696 psirt@hcl.com |
sametime -- sametime | Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | 2024-02-10 | 4.8 | CVE-2023-45698 psirt@hcl.com |
sap_se -- sap_bam_(bank_account_management) | SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application. | 2024-02-13 | 6.3 | CVE-2024-24739 cna@sap.com cna@sap.com |
sap_se -- sap_companion | SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application. | 2024-02-13 | 5.4 | CVE-2024-22129 cna@sap.com cna@sap.com |
sap_se -- sap_crm_(webclient_ui) | SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability. | 2024-02-13 | 4.1 | CVE-2024-24742 cna@sap.com cna@sap.com |
sap_se -- sap_fiori_app_(my_overtime_requests) | The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. | 2024-02-13 | 4.3 | CVE-2024-25643 cna@sap.com cna@sap.com |
sap_se -- sap_master_data_governance_material | SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. | 2024-02-13 | 4.3 | CVE-2024-24741 cna@sap.com cna@sap.com |
sap_se -- sap_netweaver_application_server_abap_(sap_kernel) | SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. | 2024-02-13 | 5.3 | CVE-2024-24740 cna@sap.com cna@sap.com |
sap_se -- sap_netweaver_business_client_for_html | SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation. | 2024-02-13 | 4.7 | CVE-2024-22128 cna@sap.com cna@sap.com |
sentry -- sentry | Sentry is an error tracking and performance monitoring platform. Sentry's integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-24829 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
siemens -- openpcs_7_v9.1 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. | 2024-02-13 | 6.5 | CVE-2023-48363 productcert@siemens.com |
siemens -- openpcs_7_v9.1 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. | 2024-02-13 | 6.5 | CVE-2023-48364 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 5.5 | CVE-2024-23799 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 5.5 | CVE-2024-23800 productcert@siemens.com |
siemens -- tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 5.5 | CVE-2024-23801 productcert@siemens.com |
silabs.com -- gsdk | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. | 2024-02-15 | 6.5 | CVE-2024-0240 product-security@silabs.com product-security@silabs.com |
squid-cache -- squid | Squid is an open-source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 | 2024-02-14 | 5.3 | CVE-2024-25617 security-advisories@github.com security-advisories@github.com |
svix -- svix | Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. | 2024-02-13 | 6.8 | CVE-2024-21491 report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
swadeshswain -- before_after_image_slider | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2. | 2024-02-12 | 5.4 | CVE-2024-24931 audit@patchstack.com |
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | 2024-02-14 | 6.1 | CVE-2024-25218 cve@mitre.org |
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | 2024-02-14 | 6.1 | CVE-2024-25219 cve@mitre.org |
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. | 2024-02-14 | 6.1 | CVE-2024-25221 cve@mitre.org |
tenable -- security_center | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. | 2024-02-14 | 5.9 | CVE-2024-1471 vulnreport@tenable.com |
treasure-data -- digdag | Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-14 | 5.3 | CVE-2024-25125 security-advisories@github.com security-advisories@github.com |
trellix -- trellix_central_management_(cm) | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. | 2024-02-13 | 4.6 | CVE-2023-6072 trellixpsirt@trellix.com |
typo3 -- typo3 | TYPO3 is an open-source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | 2024-02-13 | 4.3 | CVE-2024-25118 security-advisories@github.com security-advisories@github.com |
typo3 -- typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability. | 2024-02-13 | 4.9 | CVE-2024-25119 security-advisories@github.com security-advisories@github.com |
typo3 -- typo3 | TYPO3 is an open-source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | 2024-02-13 | 4.3 | CVE-2024-25120 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
virusblokada -- vba32_antivirus | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. | 2024-02-13 | 6.3 | CVE-2024-23439 help@fluidattacks.com help@fluidattacks.com |
virusblokada -- vba32_antivirus | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer. | 2024-02-13 | 6.3 | CVE-2024-23440 help@fluidattacks.com help@fluidattacks.com |
web-soudan -- mw_wp_form | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6. | 2024-02-10 | 5.4 | CVE-2024-24804 audit@patchstack.com |
wolfssl -- sp_math_all_rsa | wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed. | 2024-02-09 | 5.9 | CVE-2023-6935 facts@wolfssl.com facts@wolfssl.com |
wolfssl -- sp_math_all_rsa | wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. | 2024-02-15 | 5.3 | CVE-2023-6937 facts@wolfssl.com facts@wolfssl.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 2024-02-12 | 6.1 | CVE-2024-24927 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy - The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy - The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. | 2024-02-10 | 5.4 | CVE-2023-51404 audit@patchstack.com |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. | 2024-02-10 | 5.3 | CVE-2024-0596 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | 2024-02-09 | 5.3 | CVE-2024-1122 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin - Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin - Online Booking for WordPress: from n/a through 3.5.10. | 2024-02-10 | 5.4 | CVE-2024-23517 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | 2024-02-10 | 5.4 | CVE-2024-24712 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings - Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings - Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. | 2024-02-10 | 5.4 | CVE-2024-24713 audit@patchstack.com |
wordpress -- wordpress | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-13 | 6.4 | CVE-2024-1159 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Landing Page Cat - Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public. | 2024-02-15 | 5.3 | CVE-2024-0708 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-13 | 5.4 | CVE-2024-1157 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-13 | 5.4 | CVE-2024-1160 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery - Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery - Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | 2024-02-12 | 5.4 | CVE-2024-24887 audit@patchstack.com |
wp-hosting -- pay_with_vipps_and_mobilepay_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. | 2024-02-10 | 5.4 | CVE-2023-51485 audit@patchstack.com |
wpoperation -- ultra_companion | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion - Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion - Companion plugin for WPoperation Themes: from n/a through 1.1.9. | 2024-02-10 | 5.4 | CVE-2024-24803 audit@patchstack.com |
wpsimpletools -- basic_log_viewer | Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4. | 2024-02-12 | 4.3 | CVE-2024-24935 audit@patchstack.com |
yannick_lefebvre -- link_library | Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13. | 2024-02-12 | 4.3 | CVE-2024-24875 audit@patchstack.com |
zabbix -- zabbix | The cause of vulnerability is improper validation of form input field "Name" on Graph page in Items section. | 2024-02-09 | 5.4 | CVE-2024-22119 security@zabbix.com |
zalify -- easy_email | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. | 2024-02-09 | 6.1 | CVE-2023-39683 cve@mitre.org cve@mitre.org cve@mitre.org |
zixn -- vk_poster_group | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3. | 2024-02-12 | 6.1 | CVE-2024-24932 audit@patchstack.com |
zoom_video_communications,_inc -- zoom_clients | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | 2024-02-14 | 5.4 | CVE-2024-24690 security@zoom.us |
zoom_video_communications_inc -- zoom_clients | Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. | 2024-02-14 | 6.5 | CVE-2024-24699 security@zoom.us |
zoom_video_communications_inc -- zoom_clients | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | 2024-02-14 | 4.9 | CVE-2024-24698 security@zoom.us |
zoom_video_communications_inc -- zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | 2024-02-14 | 6.8 | CVE-2024-24695 security@zoom.us |
zoom_video_communications_inc -- zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | 2024-02-14 | 6.8 | CVE-2024-24696 security@zoom.us |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alfio-event -- alf.io | Alf.io is a free and open-source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 3.5 | CVE-2024-25627 security-advisories@github.com |
beyondtrust -- privilege_management_for_windows | Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. | 2024-02-16 | 3.3 | CVE-2024-1591 13061848-ea10-403d-bd75-c83a022c2891 |
dbartholomae -- lambda-middleware_frameguard | A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability. | 2024-02-12 | 3.5 | CVE-2021-4437 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
f5 -- big-ip | An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 3.8 | CVE-2024-23603 f5sirt@f5.com |
gambio -- gambio | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | 2024-02-12 | 2.7 | CVE-2024-23760 cve@mitre.org |
ibm -- trusteer_ios_sdk | An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | 2024-02-17 | 2.2 | CVE-2022-42443 psirt@us.ibm.com psirt@us.ibm.com |
intel -- intel(r)_mas_software | Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 1.8 | CVE-2023-41090 secure@intel.com |
intel -- intel(r)_sgx_dcap_software_for_windows | Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-42776 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access. | 2024-02-14 | 3.8 | CVE-2023-26592 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27300 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27303 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27307 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access. | 2024-02-14 | 2 | CVE-2023-26591 secure@intel.com |
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 2.5 | CVE-2023-26596 secure@intel.com |
kde -- plasma_workspace | A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes. | 2024-02-11 | 3.1 | CVE-2024-1433 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
lenovo -- thinksystem_sr670_v2 | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. | 2024-02-16 | 2 | CVE-2024-23591 psirt@lenovo.com |
mastodon -- mastodon | Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn't actually fire, since `delete_all` doesn't trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application's Access Tokens are being "killed". Impact should be negligible given the affected application had to be owned by the user. None the less this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability. | 2024-02-14 | 3.1 | CVE-2024-25619 security-advisories@github.com security-advisories@github.com |
mattermost -- mattermost_server | Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | 2024-02-09 | 3.5 | CVE-2024-23319 responsibledisclosure@mattermost.com |
nodejs -- undici | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 3.9 | CVE-2024-24758 security-advisories@github.com security-advisories@github.com |
opensc -- authentic_driver | The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment. | 2024-02-12 | 3.4 | CVE-2024-1454 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
oracle_corporation -- audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N). | 2024-02-17 | 2.6 | CVE-2024-20911 secalert_us@oracle.com |
oracle_corporation -- java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 2024-02-17 | 3.1 | CVE-2024-20923 secalert_us@oracle.com |
oracle_corporation -- java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | 2024-02-17 | 3.1 | CVE-2024-20925 secalert_us@oracle.com |
oracle_corporation -- jd_edwards_enterpriseone_tools | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 2.7 | CVE-2024-20905 secalert_us@oracle.com |
sametime -- sametime | Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | 2024-02-09 | 3.9 | CVE-2023-45718 psirt@hcl.com |
sametime -- sametime | Sametime is impacted by sensitive information passed in URL. | 2024-02-09 | 1.7 | CVE-2023-45716 psirt@hcl.com |
siemens -- parasolid_v35.0 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 3.3 | CVE-2024-22043 productcert@siemens.com |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
4ipnet -- eap-767 | 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged. | 2024-02-14 | not yet calculated | CVE-2024-24300 cve@mitre.org |
4ipnet -- eap-767 | Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. | 2024-02-14 | not yet calculated | CVE-2024-24301 cve@mitre.org |
adv_radius -- adv_radius | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | 2024-02-13 | not yet calculated | CVE-2024-22923 cve@mitre.org cve@mitre.org |
alanclarke -- urlite | An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | 2024-02-16 | not yet calculated | CVE-2023-51931 cve@mitre.org cve@mitre.org |
amd -- 3rd_gen_amd | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. | 2024-02-13 | not yet calculated | CVE-2023-20587 psirt@amd.com |
amd -- 3rd_gen_amd | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | 2024-02-13 | not yet calculated | CVE-2023-31346 psirt@amd.com |
amd -- 3rd_gen_amd | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. | 2024-02-13 | not yet calculated | CVE-2023-31347 psirt@amd.com |
amd -- alveo_card | Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. | 2024-02-13 | not yet calculated | CVE-2023-20570 psirt@amd.com |
amd -- amd_ryzen | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | 2024-02-13 | not yet calculated | CVE-2021-46757 psirt@amd.com |
amd -- amd_ryzen | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | 2024-02-13 | not yet calculated | CVE-2023-20579 psirt@amd.com |
appleple_inc. -- a-blog_cms | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | 2024-02-15 | not yet calculated | CVE-2024-25559 vultures@jpcert.or.jp vultures@jpcert.or.jp |
bludit -- bludit_cms | Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | 2024-02-17 | not yet calculated | CVE-2024-25297 cve@mitre.org |
caddy -- caddy | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. | 2024-02-12 | not yet calculated | CVE-2023-52430 cve@mitre.org cve@mitre.org |
ce-phoenixcart -- phoenixcart | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | 2024-02-16 | not yet calculated | CVE-2024-25415 cve@mitre.org cve@mitre.org cve@mitre.org |
codeprojects -- simple_admin_panel_app | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 2024-02-14 | not yet calculated | CVE-2024-25223 cve@mitre.org |
codeprojects -- simple_admin_panel_app | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. | 2024-02-14 | not yet calculated | CVE-2024-25224 cve@mitre.org |
codeprojects -- simple_admin_panel_app | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | 2024-02-14 | not yet calculated | CVE-2024-25225 cve@mitre.org |
codeprojects -- simple_admin_panel_app | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | 2024-02-14 | not yet calculated | CVE-2024-25226 cve@mitre.org |
connect2id -- nimbus_jose+jwt | In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. | 2024-02-11 | not yet calculated | CVE-2023-52428 cve@mitre.org cve@mitre.org cve@mitre.org |
cskaza -- csz_cms | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | 2024-02-16 | not yet calculated | CVE-2024-25414 cve@mitre.org cve@mitre.org |
cu_solutions_group -- cusg_solutions_content_management_solution | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. | 2024-02-14 | not yet calculated | CVE-2023-48985 cve@mitre.org |
cu_solutions_group -- cusg_solutions_content_management_solution | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. | 2024-02-14 | not yet calculated | CVE-2023-48986 cve@mitre.org |
cu_solutions_group -- cusg_solutions_content_management_solution | Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | 2024-02-14 | not yet calculated | CVE-2023-48987 cve@mitre.org |
dakkar -- plack::middleware::xsrfblock_perl_package | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). | 2024-02-13 | not yet calculated | CVE-2023-52431 cve@mitre.org cve@mitre.org |
darktrace -- threat_visualizer | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form. | 2024-02-16 | not yet calculated | CVE-2024-22854 cve@mitre.org |
digital-peak.com -- dp_calendar_for_joomla | XSS vulnerability in DP Calendar component for Joomla. | 2024-02-15 | not yet calculated | CVE-2024-21727 security@joomla.org |
dnssec -- dnssec | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. | 2024-02-14 | not yet calculated | CVE-2023-50868 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
ellucian -- banner | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | 2024-02-13 | not yet calculated | CVE-2023-49339 cve@mitre.org cve@mitre.org |
expressvpn -- expressvpn | ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | 2024-02-11 | not yet calculated | CVE-2024-25728 cve@mitre.org cve@mitre.org |
firebear_studio -- improved_import_&_export | A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. | 2024-02-16 | not yet calculated | CVE-2024-25413 cve@mitre.org cve@mitre.org |
flusity -- flusity_cms | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | 2024-02-15 | not yet calculated | CVE-2024-25502 cve@mitre.org |
freebsd -- freebsd | The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | 2024-02-15 | not yet calculated | CVE-2022-23084 secteam@freebsd.org |
freebsd -- freebsd | A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | 2024-02-15 | not yet calculated | CVE-2022-23085 secteam@freebsd.org |
freebsd -- freebsd | Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group. | 2024-02-15 | not yet calculated | CVE-2022-23086 secteam@freebsd.org |
freebsd -- freebsd | The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue. | 2024-02-15 | not yet calculated | CVE-2022-23087 secteam@freebsd.org |
freebsd -- freebsd | The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution. | 2024-02-15 | not yet calculated | CVE-2022-23088 secteam@freebsd.org |
freebsd -- freebsd | When dumping core and saving process information, proc_getargv() might return a sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash. | 2024-02-15 | not yet calculated | CVE-2022-23089 secteam@freebsd.org |
freebsd -- freebsd | The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF). | 2024-02-15 | not yet calculated | CVE-2022-23090 secteam@freebsd.org |
freebsd -- freebsd | A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. | 2024-02-15 | not yet calculated | CVE-2022-23091 secteam@freebsd.org |
freebsd -- freebsd | The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox. | 2024-02-15 | not yet calculated | CVE-2022-23092 secteam@freebsd.org |
freebsd -- freebsd | ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur. | 2024-02-15 | not yet calculated | CVE-2022-23093 secteam@freebsd.org |
freebsd -- freebsd | `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root. | 2024-02-15 | not yet calculated | CVE-2024-25940 secteam@freebsd.org |
freebsd -- freebsd | The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked. | 2024-02-15 | not yet calculated | CVE-2024-25941 secteam@freebsd.org |
german_national_identity_card -- online-ausweis-funktion_eid_scheme | The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner." | 2024-02-15 | not yet calculated | CVE-2024-23674 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
gestsup -- gestsup | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | 2024-02-13 | not yet calculated | CVE-2023-52059 cve@mitre.org cve@mitre.org |
gestsup -- gestsup | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | 2024-02-13 | not yet calculated | CVE-2023-52060 cve@mitre.org cve@mitre.org |
ghost -- ghost | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector." | 2024-02-11 | not yet calculated | CVE-2024-23724 cve@mitre.org cve@mitre.org cve@mitre.org |
google -- android | In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40122 security@android.com security@android.com |
google -- android | In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-21165 security@android.com |
google -- android | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40085 security@android.com security@android.com |
google -- android | In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40093 security@android.com security@android.com security@android.com |
google -- android | In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40100 security@android.com security@android.com |
google -- android | In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40104 security@android.com security@android.com |
google -- android | In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40105 security@android.com security@android.com |
google -- android | In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40106 security@android.com security@android.com |
google -- android | In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40107 security@android.com security@android.com |
google -- android | In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40109 security@android.com security@android.com |
google -- android | In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40110 security@android.com security@android.com |
google -- android | In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40111 security@android.com security@android.com |
google -- android | In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40112 security@android.com security@android.com |
google -- android | In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40113 security@android.com security@android.com |
google -- android | In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40114 security@android.com security@android.com |
google -- android | In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40115 security@android.com security@android.com |
google -- android | In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40124 security@android.com security@android.com |
google -- android | In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0014 security@android.com |
google -- android | In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0015 security@android.com security@android.com |
google -- android | In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0016 security@android.com security@android.com |
google -- android | In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0017 security@android.com security@android.com |
google -- android | In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0018 security@android.com security@android.com |
google -- android | In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0019 security@android.com security@android.com |
google -- android | In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0020 security@android.com security@android.com |
google -- android | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0021 security@android.com security@android.com |
google -- android | In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0023 security@android.com security@android.com |
google -- android | In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0029 security@android.com security@android.com |
google -- android | In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0030 security@android.com security@android.com |
google -- android | In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0031 security@android.com security@android.com |
google -- android | In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0032 security@android.com security@android.com security@android.com |
google -- android | In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0033 security@android.com security@android.com security@android.com |
google -- android | In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0034 security@android.com security@android.com |
google -- android | In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0035 security@android.com security@android.com |
google -- android | In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0036 security@android.com security@android.com |
google -- android | In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0037 security@android.com security@android.com |
google -- android | In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0038 security@android.com security@android.com |
google -- android | In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0040 security@android.com security@android.com |
google -- android | In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0041 security@android.com security@android.com |
hazelcast -- hazelcast_platform | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. | 2024-02-16 | not yet calculated | CVE-2023-45860 cve@mitre.org cve@mitre.org |
honeywell -- niagara_framework | Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. | 2024-02-13 | not yet calculated | CVE-2024-1309 psirt@honeywell.com psirt@honeywell.com |
hp_inc -- certain_hp_desktop_pc_products | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | 2024-02-14 | not yet calculated | CVE-2022-48219 hp-security-alert@hp.com |
hp_inc -- certain_hp_desktop_pc_products | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | 2024-02-14 | not yet calculated | CVE-2022-48220 hp-security-alert@hp.com |
hp_inc. -- certain_hp_workstation_pcs | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability. | 2024-02-14 | not yet calculated | CVE-2023-6138 hp-security-alert@hp.com |
idocview -- idocv | An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. | 2024-02-16 | not yet calculated | CVE-2024-24377 cve@mitre.org |
inprax -- izzi_connect | INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401. | 2024-02-15 | not yet calculated | CVE-2024-0390 cvd@cert.pl cvd@cert.pl |
koha -- koha | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | 2024-02-12 | not yet calculated | CVE-2024-24337 cve@mitre.org |
linux -- kernel | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | 2024-02-12 | not yet calculated | CVE-2023-52429 cve@mitre.org cve@mitre.org |
linux -- kernel | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | 2024-02-12 | not yet calculated | CVE-2024-25741 cve@mitre.org |
linux -- kernel | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | 2024-02-12 | not yet calculated | CVE-2024-25744 cve@mitre.org cve@mitre.org |
linux -- ubi | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | 2024-02-12 | not yet calculated | CVE-2024-25739 cve@mitre.org cve@mitre.org |
linux -- ubi | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. | 2024-02-12 | not yet calculated | CVE-2024-25740 cve@mitre.org |
mbloch -- mbloch/mapshaper | Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44. | 2024-02-13 | not yet calculated | CVE-2024-1163 security@huntr.dev security@huntr.dev |
motorola -- cx2l | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | 2024-02-12 | not yet calculated | CVE-2024-25360 cve@mitre.org |
mysten_labs -- sui blockchain | An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | 2024-02-13 | not yet calculated | CVE-2023-42374 cve@mitre.org cve@mitre.org cve@mitre.org |
ncurses -- ncurses | ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. | 2024-02-16 | not yet calculated | CVE-2023-45918 cve@mitre.org |
qanything -- kernel | qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. | 2024-02-11 | not yet calculated | CVE-2024-25722 cve@mitre.org cve@mitre.org |
raidenmaild -- raidenmaild | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory. | 2024-02-13 | not yet calculated | CVE-2023-38960 cve@mitre.org |
react_ative -- document_picker | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. | 2024-02-16 | not yet calculated | CVE-2024-25466 cve@mitre.org cve@mitre.org |
redaxo -- redaxo_cms | An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 2024-02-17 | not yet calculated | CVE-2024-25298 cve@mitre.org |
redaxo -- redaxo_cms | A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 2024-02-14 | not yet calculated | CVE-2024-25300 cve@mitre.org |
redaxo -- redaxo_cms | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 2024-02-14 | not yet calculated | CVE-2024-25301 cve@mitre.org cve@mitre.org |
rhonabwy -- rhonabwy | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) | 2024-02-11 | not yet calculated | CVE-2024-25714 cve@mitre.org |
rurban -- cpanel::json::xs_perl_package | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. | 2024-02-13 | not yet calculated | CVE-2022-48623 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
samly -- samly | In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | 2024-02-11 | not yet calculated | CVE-2024-25718 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
sharp_corporation -- energy_management_controller_with_cloud_services | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | 2024-02-14 | not yet calculated | CVE-2024-23783 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
sharp_corporation -- energy_management_controller_with_cloud_services | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23784 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
sharp_corporation -- energy_management_controller_with_cloud_services | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | 2024-02-14 | not yet calculated | CVE-2024-23785 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
sharp_corporation -- energy_management_controller_with_cloud_services | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23786 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
sharp_corporation -- energy_management_controller_with_cloud_services | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23787 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
sharp_corporation -- energy_management_controller_with_cloud_services | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23788 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
sharp_corporation -- energy_management_controller_with_cloud_services | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23789 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
smartcalc.es -- osticky_component_for_joomla | An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL. | 2024-02-15 | not yet calculated | CVE-2024-21728 security@joomla.org |
sourcecodester -- barangay_population_monitoring_system | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | 2024-02-14 | not yet calculated | CVE-2024-25209 cve@mitre.org |
sourcecodester -- online_medicine_ordering_system | Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | 2024-02-14 | not yet calculated | CVE-2024-25217 cve@mitre.org |
sourcecodester -- school_task_manager | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | 2024-02-13 | not yet calculated | CVE-2024-24142 cve@mitre.org |
sourcecodester -- simple_expense_tracker | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | 2024-02-14 | not yet calculated | CVE-2024-25210 cve@mitre.org |
sourcecodester -- simple_expense_tracker | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | 2024-02-14 | not yet calculated | CVE-2024-25211 cve@mitre.org |
steve-community -- steve | SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions. | 2024-02-13 | not yet calculated | CVE-2024-25407 cve@mitre.org |
swftools -- swftools | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | 2024-02-14 | not yet calculated | CVE-2024-25165 cve@mitre.org |
teltonika - rut240 | Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | 2024-02-17 | not yet calculated | CVE-2023-31728 cve@mitre.org cve@mitre.org |
teltonika -- trb1 | Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. | 2024-02-17 | not yet calculated | CVE-2024-22727 cve@mitre.org |
tenda -- ac10 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. | 2024-02-15 | not yet calculated | CVE-2024-25373 cve@mitre.org |
tongda -- office_anywhere | Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. | 2024-02-16 | not yet calculated | CVE-2024-25320 cve@mitre.org |
totoline -- x5000r | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | 2024-02-17 | not yet calculated | CVE-2024-25468 cve@mitre.org |
vitalpbx -- vitalpbx | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | 2024-02-15 | not yet calculated | CVE-2024-24386 cve@mitre.org cve@mitre.org |
wind_river -- vxworks | An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak. | 2024-02-15 | not yet calculated | CVE-2023-51787 cve@mitre.org |
wordpress -- analytics_insights_for_google_analytics_4_(aiwp) | The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | 2024-02-12 | not yet calculated | CVE-2024-0250 contact@wpscan.com |
wordpress -- mappress_maps_for_wordpress | The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks | 2024-02-12 | not yet calculated | CVE-2024-0420 contact@wpscan.com |
wordpress -- mappress_maps_for_wordpress | The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. | 2024-02-12 | not yet calculated | CVE-2024-0421 contact@wpscan.com |
wordpress -- smart_manager | The Smart Manager WordPress plugin before 8.28.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2024-02-12 | not yet calculated | CVE-2024-0566 contact@wpscan.com |
wordpress -- wordpress | The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'handle_login_request'. This makes it possible for non-authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2024-02-12 | not yet calculated | CVE-2023-6036 contact@wpscan.com |
wordpress -- wordpress | The chartjs WordPress plugin through 2023.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-6081 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The chartjs WordPress plugin through 2023.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-6082 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | 2024-02-12 | not yet calculated | CVE-2023-6294 contact@wpscan.com |
wordpress -- wordpress | The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitization as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-02-12 | not yet calculated | CVE-2023-6499 contact@wpscan.com |
wordpress -- wordpress | The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-02-12 | not yet calculated | CVE-2023-6501 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The Popup Box WordPress plugin before 20.9.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-02-12 | not yet calculated | CVE-2023-6591 contact@wpscan.com |
wordpress -- wordpress | The GigPress WordPress plugin through 2.3.29 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-02-12 | not yet calculated | CVE-2023-7233 contact@wpscan.com |
wordpress -- wordpress | The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. | 2024-02-12 | not yet calculated | CVE-2024-0248 contact@wpscan.com |
yetiforcecompany -- yetiforcecrm | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. | 2024-02-16 | not yet calculated | CVE-2023-49508 cve@mitre.org cve@mitre.org cve@mitre.org |
yonyou -- space-time_enterprise_information_integration_platform | SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory. | 2024-02-15 | not yet calculated | CVE-2024-24256 cve@mitre.org |
zimbra -- zimbra_collaboration | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. | 2024-02-13 | not yet calculated | CVE-2023-26562 cve@mitre.org cve@mitre.org cve@mitre.org |
zimbra -- zimbra_collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.) | 2024-02-13 | not yet calculated | CVE-2023-45206 cve@mitre.org cve@mitre.org cve@mitre.org |
zimbra -- zimbra_collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitizing the JavaScript code present in a PDF document.) | 2024-02-13 | not yet calculated | CVE-2023-45207 cve@mitre.org cve@mitre.org cve@mitre.org |
zimbra -- zimbra_collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail. | 2024-02-13 | not yet calculated | CVE-2023-48432 cve@mitre.org cve@mitre.org cve@mitre.org |
zimbra -- zimbra_collaboration | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. | 2024-02-13 | not yet calculated | CVE-2023-50808 cve@mitre.org cve@mitre.org cve@mitre.org |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.