Vulnerability Summary for the Week of May 6, 2024

Released: May 13, 2024
Document ID: SB24-134

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
academy_lms -- academy_lms | Missing Authorization vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 1.9.16. | 2024-05-06 | 7.1 | CVE-2024-33912, audit@patchstack.com
brevo_for_woocommerce -- sendinblue_for_woocommerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce. This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. | 2024-05-06 | 8.5 | CVE-2024-32807, audit@patchstack.com
brocade -- brocade_sannav | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | 2024-05-08 | 7.8 | CVE-2024-2860, sirt@brocade.com
codesys -- codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user into opening corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. | 2024-05-06 | 7.8 | CVE-2023-49675, info@cert.vde.com
delta_electronics -- diaenergie | A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4547, vulnreport@tenable.com
delta_electronics -- diaenergie | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4548, vulnreport@tenable.com
delta_electronics -- diaenergie | A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | 2024-05-06 | 7.5 | CVE-2024-4549, vulnreport@tenable.com
denoland -- deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on unix platform (as well as `/proc` and `/sys` on linux platforms), and any path starting with `\\` on Windows. | 2024-05-07 | 8.4 | CVE-2024-34346, security-advisories@github.com
ethereum -- go-ethereum | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards. | 2024-05-06 | 7.5 | CVE-2024-32972, security-advisories@github.com
f5 -- big-ip | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 8 | CVE-2024-31156, f5sirt@f5.com
f5 -- big-ip | When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-33608, f5sirt@f5.com
f5 -- big-ip_edge_client | An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.4 | CVE-2024-28883, f5sirt@f5.com
f5 -- big-ip_next_central_manager | An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-21793, f5sirt@f5.com
f5 -- big-ip_next_central_manager | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-26026, f5sirt@f5.com
f5 -- big-ip_next_central_manager | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.4 | CVE-2024-32049, f5sirt@f5.com
f5 -- big-ip | When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-25560, f5sirt@f5.com
faraday -- gm8181 | A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304. | 2024-05-07 | 7.3 | CVE-2024-4582, cna@vuldb.com
fedora -- dnf5daemon-server | Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemon operate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows specifying a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker. | 2024-05-08 | 8.8 | CVE-2024-2746, secalert@redhat.com
fedora -- dnf5daemon-server | Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration. Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library load a plug-in shared library under control of an unprivileged user, hence achieving root access. | 2024-05-08 | 7.5 | CVE-2024-1929, patrick@puiterwijk.org
fermyon -- spin | Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue. | 2024-05-08 | 9.1 | CVE-2024-32980, security-advisories@github.com
glpi-project -- glpi | GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15. | 2024-05-07 | 7.1 | CVE-2024-29889, security-advisories@github.com
glpi-project -- glpi | GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15. | 2024-05-07 | 7.7 | CVE-2024-31456, security-advisories@github.com
hoppscotch -- hoppscotch | @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0. | 2024-05-08 | 8.3 | CVE-2024-34347, security-advisories@github.com
ibm -- aix | IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | 2024-05-07 | 8.1 | CVE-2024-27273, psirt@us.ibm.com
ietf -- dhcp | DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | 2024-05-06 | 7.6 | CVE-2024-3661, 9119a7d8-5eab-497f-8521-727c672e3725
impronta -- janto_ticketing_software | IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket. | 2024-05-07 | 7.5 | CVE-2024-4537, cve-coordination@incibe.es
impronta -- janto_ticketing_software | IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data. | 2024-05-07 | 7.5 | CVE-2024-4538, cve-coordination@incibe.es
lan_messenger -- lan_messenger | Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | 2024-05-07 | 7.5 | CVE-2024-4599, cve-coordination@incibe.es
leadconnector -- leadconnector | Missing Authorization vulnerability in LeadConnector. This issue affects LeadConnector: from n/a through 1.7. | 2024-05-06 | 8.6 | CVE-2024-34378, audit@patchstack.com
litestar-org -- litestar | Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4. | 2024-05-06 | 8.2 | CVE-2024-32982, security-advisories@github.com
lucian_apostol -- auto_affiliate_links | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links. This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. | 2024-05-06 | 7.6 | CVE-2024-34386, audit@patchstack.com
lunar -- lunar | Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | 2024-05-08 | 7.7 | CVE-2024-3507, cve-coordination@incibe.es
moxa -- nport_5100a_series | The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges. | 2024-05-06 | 8.3 | CVE-2024-3576, psirt@moxa.com
oisf -- suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). | 2024-05-07 | 7.5 | CVE-2024-32663, security-advisories@github.com
pallets -- werkzeug | Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3. | 2024-05-06 | 7.5 | CVE-2024-34069, security-advisories@github.com
parcel_panel -- parcelpanel | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel. This issue affects ParcelPanel: from n/a through 3.8.1. | 2024-05-06 | 8.5 | CVE-2024-34412, audit@patchstack.com
popup_box_team -- popup_box | Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS). This issue affects Popup box: from n/a through 4.1.2. | 2024-05-06 | 7.1 | CVE-2024-34367, audit@patchstack.com
pressfore -- rolo_slider | Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through 1.0.9. | 2024-05-08 | 7.7 | CVE-2024-1438, audit@patchstack.com
ptc -- codebeamer | PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. | 2024-05-08 | 7.1 | CVE-2024-3951, ics-cert@hq.dhs.gov
qualcomm,_inc. -- snapdragon | Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 2024-05-06 | 8.4 | CVE-2023-33119, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption while verifying the serialized header when the key pairs are generated. | 2024-05-06 | 8.4 | CVE-2023-43531, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 2024-05-06 | 8.4 | CVE-2024-21471, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption when size of buffer from previous call is used without validation or re-initialization. | 2024-05-06 | 8.4 | CVE-2024-21474, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 2024-05-06 | 8.4 | CVE-2024-23351, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption when the IOCTL call is interrupted by a signal. | 2024-05-06 | 8.4 | CVE-2024-23354, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 2024-05-06 | 7.5 | CVE-2023-43529, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption when the payload received from firmware is not as per the expected protocol size. | 2024-05-06 | 7.8 | CVE-2024-21475, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption when the channel ID passed by user is not validated and further used. | 2024-05-06 | 7.8 | CVE-2024-21476, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 2024-05-06 | 7.5 | CVE-2024-21477, product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption while playing audio file having large-sized input buffer. | 2024-05-06 | 7.3 | CVE-2024-21480, product-security@qualcomm.com
red_hat -- red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4436, secalert@redhat.com
red_hat -- red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4437, secalert@redhat.com
red_hat -- red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4438, secalert@redhat.com
repute_infosystems -- arforms_form_builder | Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. | 2024-05-08 | 7.6 | CVE-2024-31270, audit@patchstack.com
scribit -- gdpr_compliance | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance. This issue affects GDPR Compliance: from n/a through 1.2.5. | 2024-05-06 | 7.5 | CVE-2024-34388, audit@patchstack.com
select-themes -- stockholm_core | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS. This issue affects Stockholm Core: from n/a through 2.4.1. | 2024-05-08 | 7.1 | CVE-2024-34553, audit@patchstack.com
silicon_labs -- z-wave_sdk | A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave devices. | 2024-05-07 | 8.1 | CVE-2024-22472, product-security@silabs.com
socomec -- net_vision | Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the 'set_param.cgi' file. | 2024-05-07 | 7.1 | CVE-2024-4600, cve-coordination@incibe.es
stacklok -- minder | Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48. | 2024-05-07 | 7.5 | CVE-2024-34084, security-advisories@github.com
thenbrent -- social_connect | The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2024-05-08 | 9.8 | CVE-2024-4393, security@wordfence.com
vmware -- vmware_avi_load_balancer | VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. | 2024-05-08 | 7.2 | CVE-2024-22264, security@vmware.com
webpushr_web_push_notifications -- webpushr | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS. This issue affects Webpushr: from n/a through 4.35.0. | 2024-05-06 | 7.1 | CVE-2024-34369, audit@patchstack.com
wisdmlabs -- edwiser_bridge_-_wordpress_moodle_lms_integration | The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is because the 'eb_user_email_verification_key' default value is empty and the not-empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled. | 2024-05-07 | 9.8 | CVE-2024-4186, security@wordfence.com
wojtekmaj -- react-pdf | react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2. | 2024-05-07 | 7.1 | CVE-2024-34342, security-advisories@github.com
wshberlin -- startklar_elementor_addons | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-05-07 | 9.8 | CVE-2024-4345, security@wordfence.com
wshberlin -- startklar_elementor_addons | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2024-05-07 | 9.1 | CVE-2024-4346, security@wordfence.com
N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34089, cve@mitre.org
N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34090, cve@mitre.org
N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34091, cve@mitre.org

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
a_wp_life -- video_gallery_-_api_gallery,_youtube_and_vimeo,_link_gallery | Missing Authorization vulnerability in A WP Life Video Gallery - Api Gallery, YouTube and Vimeo, Link Gallery. This issue affects Video Gallery - Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. | 2024-05-06 | 4.3 | CVE-2024-34377, audit@patchstack.com
addonmaster -- post_grid_master | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through 3.4.8. | 2024-05-06 | 6.5 | CVE-2024-34390, audit@patchstack.com
addonmaster -- post_grid_master | Missing Authorization vulnerability in AddonMaster Post Grid Master. This issue affects Post Grid Master: from n/a through 3.4.7. | 2024-05-06 | 5.3 | CVE-2024-34372, audit@patchstack.com
af_themes -- wp_post_author | Missing Authorization vulnerability in AF themes WP Post Author. This issue affects WP Post Author: from n/a through 3.6.4. | 2024-05-06 | 4.3 | CVE-2024-34387, audit@patchstack.com
af_themes -- wp_post_author | Missing Authorization vulnerability in AF themes WP Post Author. This issue affects WP Post Author: from n/a through 3.6.4. | 2024-05-06 | 4.3 | CVE-2024-34389, audit@patchstack.com
aipost -- ai_wp_writer | Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through 3.6.5. | 2024-05-08 | 5.3 | CVE-2024-30459, audit@patchstack.com
alttext.ai -- download_alt_text_ai | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through 1.3.4. | 2024-05-06 | 5.9 | CVE-2024-34366, audit@patchstack.com
amp-mode -- debug_info | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debug Info allows Stored XSS. This issue affects Debug Info: from n/a through 1.3.10. | 2024-05-08 | 5.9 | CVE-2024-34565, audit@patchstack.com
apache_software_foundation -- apache_superset | An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. | 2024-05-07 | 4.3 | CVE-2024-28148, security@apache.org
appsbd -- vitepos | Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1. | 2024-05-08 | 4.3 | CVE-2024-33574, audit@patchstack.com
barpachuk -- clickcease_click_fraud_protection | The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin's configured API keys. | 2024-05-07 | 4.3 | CVE-2023-6810, security@wordfence.com
basecamp -- trixTrix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.2024-05-075.4CVE-2024-34341
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
bluenet_technology -- clinical_browsing_systemA vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability.2024-05-086.3CVE-2024-4653
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
bluenet_technology -- clinical_browsing_systemA vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499.2024-05-086.3CVE-2024-4654
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
breakdance -- breakdanceThe Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-05-066.4CVE-2023-6854
security@wordfence.com
security@wordfence.com
codesys -- codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability. | 2024-05-06 | 5.5 | CVE-2023-49676
info@cert.vde.com
creative_interactive_media -- 3d_flipbook,_pdf_viewer,_pdf_embedder_-_real_3d_flipbook_wordpress_plugin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin allows Stored XSS. This issue affects 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin: from n/a through 3.71. | 2024-05-08 | 5.9 | CVE-2024-34561
audit@patchstack.com
dell -- data_manager_appliance_software_(dmas) | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem. | 2024-05-08 | 6.5 | CVE-2024-24908
security_alert@emc.com
eclipse_foundation -- edc | In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component (https://github.com/eclipse-edc/Connector), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component (https://github.com/eclipse-edc/Connector) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented. | 2024-05-07 | 6.8 | CVE-2024-4536
emo@eclipse.org
eprolo -- eprolo_dropshipping | Missing Authorization vulnerability in EPROLO EPROLO Dropshipping. This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | 2024-05-08 | 4.3 | CVE-2024-33573
audit@patchstack.com
f5 -- big-ip | Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.5 | CVE-2024-32761
f5sirt@f5.com
f5 -- big-ip | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.1 | CVE-2024-33604
f5sirt@f5.com
f5 -- big-ip | When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 5.9 | CVE-2024-28889
f5sirt@f5.com
f5 -- big-ip | A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 4.7 | CVE-2024-27202
f5sirt@f5.com
f5 -- big-ip_next_central_manager | An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.8 | CVE-2024-33612
f5sirt@f5.com
f5 -- big-ip_next_cnf | Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 4.4 | CVE-2024-28132
f5sirt@f5.com
faraday -- gm8181 | A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability. | 2024-05-07 | 5.3 | CVE-2024-4583
cna@vuldb.com
faraday -- gm8181 | A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 5.3 | CVE-2024-4584
cna@vuldb.com
fedora -- dnf5daemon-server | No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service. | 2024-05-08 | 6.5 | CVE-2024-1930
patrick@puiterwijk.org
goldaddons -- gold_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS. This issue affects Gold Addons for Elementor: from n/a through 1.2.9. | 2024-05-08 | 6.5 | CVE-2024-34563
audit@patchstack.com
gomo -- gee_search_plus | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GOMO gee Search Plus allows Stored XSS. This issue affects gee Search Plus: from n/a through 1.4.4. | 2024-05-08 | 5.9 | CVE-2024-34560
audit@patchstack.com
habibcoder -- sticky_social_link | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HabibCoder Sticky Social Link allows Stored XSS. This issue affects Sticky Social Link: from n/a through 1.0.0. | 2024-05-08 | 5.9 | CVE-2024-34546
audit@patchstack.com
hamid_alinia_-_idehweb -- login_with_phone_number | Missing Authorization vulnerability in Hamid Alinia - idehweb Login with phone number. This issue affects Login with phone number: from n/a through 1.7.18. | 2024-05-06 | 4.3 | CVE-2024-34371
audit@patchstack.com
hcl_software -- bigfix_compliance | Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. | 2024-05-07 | 6.5 | CVE-2024-23551
psirt@hcl.com
horearadu -- mesmerize_companion | The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-08 | 6.4 | CVE-2024-3494
security@wordfence.com
ibm -- watson_cp4d_data_stores | IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | 2024-05-07 | 6.2 | CVE-2023-40694
psirt@us.ibm.com
jackdewey -- link_library | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-08 | 6.4 | CVE-2024-4281
security@wordfence.com
johan_van_der_wijk -- content_blocks_(custom_post_widget) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. | 2024-05-08 | 6.5 | CVE-2024-34566
audit@patchstack.com
joomunited -- wp_latest_posts | The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-05-08 | 5.4 | CVE-2024-4135
security@wordfence.com
katie_seaborn -- zotpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.9. | 2024-05-08 | 6.5 | CVE-2024-34569
audit@patchstack.com
leevio -- happy_addons_for_elementor | Missing Authorization vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | 2024-05-08 | 4.3 | CVE-2024-24833
audit@patchstack.com
logichunt_inc. -- counter_up | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS. This issue affects Counter Up: from n/a through 2.2.1. | 2024-05-08 | 6.5 | CVE-2024-34564
audit@patchstack.com
matthiask -- html-sanitizer | html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2. | 2024-05-06 | 6.1 | CVE-2024-34078
security-advisories@github.com
michael_nelson -- print_my_blog | Missing Authorization vulnerability in Michael Nelson Print My Blog. This issue affects Print My Blog: from n/a through 3.26.2. | 2024-05-06 | 5.3 | CVE-2024-33907
audit@patchstack.com
moveaddons -- move_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.0. | 2024-05-08 | 6.5 | CVE-2024-34562
audit@patchstack.com
multi-column_tag_map -- multi-column_tag_map | Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26. | 2024-05-08 | 6.5 | CVE-2023-41651
audit@patchstack.com
n/a -- dedecms | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4585
cna@vuldb.com
n/a -- dedecms | A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263308. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4586
cna@vuldb.com
n/a -- dedecms | A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4587
cna@vuldb.com
n/a -- dedecms | A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4588
cna@vuldb.com
n/a -- dedecms | A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263311. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4589
cna@vuldb.com
n/a -- dedecms | A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4590
cna@vuldb.com
n/a -- dedecms | A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4591
cna@vuldb.com
n/a -- dedecms | A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4592
cna@vuldb.com
n/a -- dedecms | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4593
cna@vuldb.com
n/a -- dedecms | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4594
cna@vuldb.com
n/a -- semcms | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | 2024-05-07 | 6.3 | CVE-2024-4595
cna@vuldb.com
nobita -- raindrops | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nobita allows Stored XSS. This issue affects raindrops: from n/a through 1.600. | 2024-05-08 | 6.5 | CVE-2024-34414
audit@patchstack.com
noor_alam -- magical_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.1.34. | 2024-05-08 | 6.5 | CVE-2024-34547
audit@patchstack.com
octopus_deploy -- octopus_server | In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | 2024-05-08 | 4.1 | CVE-2024-4456
security@octopus.com
oisf -- suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. | 2024-05-07 | 5.3 | CVE-2024-32664
security-advisories@github.com
oisf -- suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19. | 2024-05-07 | 5.3 | CVE-2024-32867
security-advisories@github.com
ollybach -- wppizza | Missing Authorization vulnerability in Ollybach WPPizza. This issue affects WPPizza: from n/a through 3.18.10. | 2024-05-06 | 6.5 | CVE-2024-33576
audit@patchstack.com
open-xchange_gmbh -- ox_app_suite | E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23186
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite | Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23187
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite | Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23188
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite | E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known. | 2024-05-06 | 5.3 | CVE-2024-23193
security@open-xchange.com
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. | 2024-05-07 | 6.5 | CVE-2024-27217
scy@openharmony.io
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. | 2024-05-07 | 6.5 | CVE-2024-3759
scy@openharmony.io
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. | 2024-05-07 | 5.2 | CVE-2024-23808
scy@openharmony.io
openharmony -- openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | 2024-05-07 | 6.5 | CVE-2024-3758
scy@openharmony.io
opentext -- netiq_identity_console | An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows open services enumeration. The server makes a query to the provided server (Server IP/DNS field), triggering a connection to an arbitrary address. | 2024-05-07 | 5.8 | CVE-2023-7240
security@opentext.com
pallets -- jinja | Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. | 2024-05-06 | 5.4 | CVE-2024-34064
security-advisories@github.com
panasonic_holdings_corporation -- kw_watcher | A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory. | 2024-05-08 | 4.4 | CVE-2024-4162
product-security@gg.jp.panasonic.com
pootlepress -- pootle_pagebuilder_-_wordpress_page_builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder - WordPress Page builder allows Stored XSS. This issue affects Pootle Pagebuilder - WordPress Page builder: from n/a through 5.7.1. | 2024-05-08 | 6.5 | CVE-2024-34573
audit@patchstack.com
posimyth -- the_plus_addons_for_elementor_page_builder_lite | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2. | 2024-05-06 | 6.5 | CVE-2024-34373
audit@patchstack.com
propertyhive -- propertyhive | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.0.10. | 2024-05-06 | 6.5 | CVE-2024-34381
audit@patchstack.com
qualcomm,_inc. -- snapdragon | Memory corruption when multiple listeners are being registered with the same file descriptor. | 2024-05-06 | 6.7 | CVE-2023-43521
product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | 2024-05-06 | 6.7 | CVE-2023-43524
product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | 2024-05-06 | 6.7 | CVE-2023-43525
product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | 2024-05-06 | 6.7 | CVE-2023-43526
product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Information disclosure while parsing dts header atom in Video. | 2024-05-06 | 6.8 | CVE-2023-43527
product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than the expected size. | 2024-05-06 | 6.1 | CVE-2023-43528
product-security@qualcomm.com
qualcomm,_inc. -- snapdragon | Memory corruption in HLOS while checking for the storage type. | 2024-05-06 | 5.9 | CVE-2023-43530
product-security@qualcomm.com
quantumcloud -- conversational_forms_for_chatbotImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0.2024-05-065.9CVE-2024-34380
audit@patchstack.com
quomodosoft -- elementsready_addons_for_elementorImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0.2024-05-066.5CVE-2024-34374
audit@patchstack.com
rara_theme -- restaurant_and_cafeCross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1.2024-05-064.3CVE-2024-34379
audit@patchstack.com
realmag777 -- wolfImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2.2024-05-085.9CVE-2024-34558
audit@patchstack.com
red_hat -- red_hat_enterprise_linux_6A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.2024-05-086.2CVE-2024-4418
secalert@redhat.com
robosoft -- robo_galleryExposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18.2024-05-065.3CVE-2024-34382
audit@patchstack.com
ruijie -- rg-uacA vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-05-064.7CVE-2024-4508
cna@vuldb.com
ruijie -- rg-uacA vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-05-064.7CVE-2024-4509
cna@vuldb.com
ruijie -- rg-uacA vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-05-064.7CVE-2024-4510
cna@vuldb.com
ruijie -- rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4507
cna@vuldb.com
samsung_mobile -- galaxy_storeImproper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.2024-05-075.1CVE-2024-20870
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesUse after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.2024-05-076CVE-2024-20861
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.2024-05-076CVE-2024-20862
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesOut of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.2024-05-076.7CVE-2024-20863
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesAuthentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.2024-05-076.6CVE-2024-20865
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.2024-05-075.5CVE-2024-20859
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.2024-05-075.5CVE-2024-20864
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesAuthentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.2024-05-075.7CVE-2024-20866
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.2024-05-075.5CVE-2024-20867
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.2024-05-075.5CVE-2024-20869
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesA vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE.2024-05-074.4CVE-2024-20821
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.2024-05-074.3CVE-2024-20856
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.2024-05-074CVE-2024-20857
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.2024-05-074CVE-2024-20858
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.2024-05-074CVE-2024-20860
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.2024-05-074.4CVE-2024-20868
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.2024-05-074.9CVE-2024-20871
mobile.security@samsung.com
samsung_mobile -- talkbackseImproper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.2024-05-076.2CVE-2024-20872
mobile.security@samsung.com
shanghai_sunfull_automation -- bacnet_server_hmi1002-armA vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-05-066.3CVE-2024-4511
cna@vuldb.com
slicewp -- slicewpImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10.2024-05-065.9CVE-2024-34413
audit@patchstack.com
socomec -- net_visionAn incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.2024-05-076.7CVE-2024-4601
cve-coordination@incibe.es
supsystic -- digital_publications_by_supsysticMissing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7.2024-05-065.3CVE-2024-33910
audit@patchstack.com
the_seo_guys_at_seopress -- seopressAuthorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.2024-05-065.3CVE-2024-34383
audit@patchstack.com
theme_freesia -- edgeImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9.2024-05-066.5CVE-2024-34376
audit@patchstack.com
themegrill -- himalayasImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0.2024-05-086.5CVE-2024-34571
audit@patchstack.com
themehunk -- advance_wordpress_search_pluginMissing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.2024-05-086.5CVE-2022-40218
audit@patchstack.com
themeprix -- fancy_elementor_flipboxImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS.This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2.2024-05-086.5CVE-2024-34572
audit@patchstack.com
themeqx -- letterpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12.2024-05-065.3CVE-2024-34368
audit@patchstack.com
themeqx -- letterpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.2024-05-085.9CVE-2024-34568
audit@patchstack.com
themesgrove -- widgetkitImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8.2024-05-086.5CVE-2024-34548
audit@patchstack.com
themesgrove -- widgetkitMissing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.2024-05-065.3CVE-2024-33908
audit@patchstack.com
tilda_publishing -- tilda_publishingMissing Authorization vulnerability in Tilda Publishing.This issue affects Tilda Publishing: from n/a through 0.3.23.2024-05-076.3CVE-2023-31234
audit@patchstack.com
tyche_softwares -- print_invoice_&_delivery_notes_for_woocommerceMissing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.2024-05-084.3CVE-2024-4233
audit@patchstack.com
vitessio -- vitessVitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.2024-05-084.9CVE-2024-32886
security-advisories@github.com
vmware -- vmware_avi_load_balancer | VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. | 2024-05-08 | 6.5 | CVE-2024-22266
security@vmware.com
wpmet -- metform_elementor_contact_form_builderMissing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.2024-05-064.3CVE-2024-33570
audit@patchstack.com
wppool -- sheets_to_wp_table_live_syncImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0.2024-05-065.9CVE-2024-34375
audit@patchstack.com
wpsoul -- table_makerImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1.2024-05-085.9CVE-2024-34574
audit@patchstack.com
xpro -- xpro_elementor_addonsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3.2024-05-085.9CVE-2024-34570
audit@patchstack.com
N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. | 2024-05-06 | 5.3 | CVE-2024-34093
cve@mitre.org

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4527
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.2024-05-063.5CVE-2024-4513
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability.2024-05-063.5CVE-2024-4514
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119.2024-05-063.5CVE-2024-4515
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.2024-05-063.5CVE-2024-4516
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.2024-05-063.5CVE-2024-4517
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.2024-05-063.5CVE-2024-4518
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.2024-05-063.5CVE-2024-4519
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.2024-05-063.5CVE-2024-4521
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.2024-05-063.5CVE-2024-4522
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability.2024-05-063.5CVE-2024-4523
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.2024-05-063.5CVE-2024-4524
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.2024-05-063.5CVE-2024-4525
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.2024-05-063.5CVE-2024-4526
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability.2024-05-083.5CVE-2024-4646
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491.2024-05-083.5CVE-2024-4647
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492.2024-05-083.5CVE-2024-4648
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.2024-05-083.5CVE-2024-4649
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.2024-05-083.5CVE-2024-4650
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.2024-05-083.5CVE-2024-4651
cna@vuldb.com
campcodes -- complete_web-based_school_management_systemA vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.2024-05-083.5CVE-2024-4652
cna@vuldb.com
dell -- data_manager_appliance_software_(dmas)Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.2024-05-082.2CVE-2024-22460
security_alert@emc.com
dell -- update_manager_pluginDell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.2024-05-083.5CVE-2024-28971
security_alert@emc.com
n/a -- kimaiA vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.2024-05-073.7CVE-2024-4596
cna@vuldb.com
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.2024-05-073.3CVE-2024-31078
scy@openharmony.io
openharmony -- openharmonyin OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.2024-05-073.3CVE-2024-3757
scy@openharmony.io
samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. | 2024-05-07 | 2.4 | CVE-2024-20855
mobile.security@samsung.com
sourcecodester -- prison_management_systemA vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116.2024-05-063.5CVE-2024-4512
cna@vuldb.com
sourcecodester -- prison_management_systemA vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488.2024-05-083.5CVE-2024-4644
cna@vuldb.com
sourcecodester -- prison_management_systemA vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability.2024-05-083.5CVE-2024-4645
cna@vuldb.com
sourcecodester -- prison_management_systemA vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131.2024-05-062.4CVE-2024-4528
cna@vuldb.com
xpdf -- xpdfIn Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.2024-05-062.9CVE-2024-4568
xpdf@xpdfreader.com

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache_software_foundation -- apache_inlong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | 2024-05-08 | not yet calculated | CVE-2024-26579
security@apache.org
apache_software_foundation -- apache_ofbizImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.2024-05-08not yet calculatedCVE-2024-32113
security@apache.org
bentley -- view | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960. | 2024-05-07 | not yet calculated | CVE-2022-43651 (zdi-disclosures@trendmicro.com)
bentley -- view | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18981. | 2024-05-07 | not yet calculated | CVE-2022-43652 (zdi-disclosures@trendmicro.com)
bentley -- view | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. | 2024-05-07 | not yet calculated | CVE-2022-43653 (zdi-disclosures@trendmicro.com)
bentley -- view | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. | 2024-05-07 | not yet calculated | CVE-2022-43655 (zdi-disclosures@trendmicro.com)
bentley -- view | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18492. | 2024-05-07 | not yet calculated | CVE-2022-43656 (zdi-disclosures@trendmicro.com)
bmc -- track-it! | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527. | 2024-05-07 | not yet calculated | CVE-2021-35001 (zdi-disclosures@trendmicro.com)
bmc -- track-it! | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122. | 2024-05-07 | not yet calculated | CVE-2021-35002 (zdi-disclosures@trendmicro.com)
d-link -- dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076. | 2024-05-07 | not yet calculated | CVE-2023-35748 (zdi-disclosures@trendmicro.com)
d-link -- dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. | 2024-05-07 | not yet calculated | CVE-2023-35749 (zdi-disclosures@trendmicro.com)
d-link -- dap-2622 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085. | 2024-05-07 | not yet calculated | CVE-2023-35757 (zdi-disclosures@trendmicro.com)
d-link -- dap-2622 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. | 2024-05-07 | not yet calculated | CVE-2023-37325 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355. | 2024-05-07 | not yet calculated | CVE-2021-34954 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356. | 2024-05-07 | not yet calculated | CVE-2021-34955 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357. | 2024-05-07 | not yet calculated | CVE-2021-34956 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358. | 2024-05-07 | not yet calculated | CVE-2021-34957 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359. | 2024-05-07 | not yet calculated | CVE-2021-34958 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360. | 2024-05-07 | not yet calculated | CVE-2021-34959 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362. | 2024-05-07 | not yet calculated | CVE-2021-34960 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363. | 2024-05-07 | not yet calculated | CVE-2021-34961 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364. | 2024-05-07 | not yet calculated | CVE-2021-34962 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365. | 2024-05-07 | not yet calculated | CVE-2021-34963 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366. | 2024-05-07 | not yet calculated | CVE-2021-34964 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361. | 2024-05-07 | not yet calculated | CVE-2021-34965 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367. | 2024-05-07 | not yet calculated | CVE-2021-34966 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368. | 2024-05-07 | not yet calculated | CVE-2021-34967 (zdi-disclosures@trendmicro.com)
foxit -- pdf_editor | Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370. | 2024-05-07 | not yet calculated | CVE-2021-34968 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272. | 2024-05-07 | not yet calculated | CVE-2021-34948 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14273. | 2024-05-07 | not yet calculated | CVE-2021-34949 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396. | 2024-05-07 | not yet calculated | CVE-2021-34950 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395. | 2024-05-07 | not yet calculated | CVE-2021-34951 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729. | 2024-05-07 | not yet calculated | CVE-2021-34952 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658. | 2024-05-07 | not yet calculated | CVE-2021-34953 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14622. | 2024-05-07 | not yet calculated | CVE-2021-34969 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849. | 2024-05-07 | not yet calculated | CVE-2021-34970 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812. | 2024-05-07 | not yet calculated | CVE-2021-34971 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14975. | 2024-05-07 | not yet calculated | CVE-2021-34972 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968. | 2024-05-07 | not yet calculated | CVE-2021-34973 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167. | 2024-05-07 | not yet calculated | CVE-2021-34974 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218. | 2024-05-07 | not yet calculated | CVE-2021-34975 (zdi-disclosures@trendmicro.com)
foxit -- pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659. | 2024-05-07 | not yet calculated | CVE-2021-34976 (zdi-disclosures@trendmicro.com)
go_standard_library -- net | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | 2024-05-08 | not yet calculated | CVE-2024-24788 (security@golang.org)
go_toolchain -- cmd/go | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | 2024-05-08 | not yet calculated | CVE-2024-24787 (security@golang.org)
google -- android | In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0022 (security@android.com)
google -- android | In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0024 (security@android.com)
google -- android | In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0025 (security@android.com)
google -- android | In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0026, security@android.com
google -- android | In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0027, security@android.com
google -- android | In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0042, security@android.com
google -- android | In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0043, security@android.com
google -- android | In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23704, security@android.com
google -- android | In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23705, security@android.com
google -- android | In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23706, security@android.com
google -- android | In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23707, security@android.com
google -- android | In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23708, security@android.com
google -- android | In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23709, security@android.com
google -- android | In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23710, security@android.com
google -- android | In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23712, security@android.com
google -- android | In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23713, security@android.com
google -- chrome | Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-05-07 | not yet calculated | CVE-2024-4558, chrome-cve-admin@google.com
google -- chrome | Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-05-07 | not yet calculated | CVE-2024-4559, chrome-cve-admin@google.com
heateor -- heateor_social_login_wordpress | Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | 2024-05-08 | not yet calculated | CVE-2024-32674, vultures@jpcert.or.jp
hp_inc. -- hp_application_enabling_software_driver | A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | 2024-05-06 | not yet calculated | CVE-2024-1695, hp-security-alert@hp.com
integrated_control_technology -- tsec | Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. | 2024-05-06 | not yet calculated | CVE-2024-29941, 56c94bcb-ac34-4d7f-b660-d297a6b7ff82
knowbe4 -- phish_alert_button_(pab)_for_outlook | A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server. The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control. Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks. Workarounds: Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. | 2024-05-07 | not yet calculated | CVE-2024-29209, support@hackerone.com
knowbe4 -- phish_alert_button_(pab)_for_outlook | A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. | 2024-05-07 | not yet calculated | CVE-2024-29210, support@hackerone.com
linux -- kernel | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. | 2024-05-07 | not yet calculated | CVE-2021-34981, zdi-disclosures@trendmicro.com
maxon -- cinema_4d | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438. | 2024-05-07 | not yet calculated | CVE-2023-40490, zdi-disclosures@trendmicro.com
mediatek,_inc. -- mt2737,_mt6739,_mt6761,_mt6765,_mt6768,_mt6771,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6877,_mt6879,_mt6880,_mt6883,_mt6885,_mt6886,_mt6889,_mt6890,_mt6893,_mt6895,_mt6897,_mt6980,_mt6983,_mt6985,_mt6989,_mt6990,_mt8167,_mt8167s,_mt8168,_mt8173,_mt8175,_mt8185,_mt8188,_mt8195,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8390,_mt8395,_mt8755,_mt8765,_mt8766,_mt8768,_mt8775,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791,_mt8791t,_mt8797,_mt8798 | In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | 2024-05-06 | not yet calculated | CVE-2023-32871, security@mediatek.com
mediatek,_inc. -- mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. | 2024-05-06 | not yet calculated | CVE-2024-20059, security@mediatek.com
mediatek,_inc. -- mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. | 2024-05-06 | not yet calculated | CVE-2024-20060, security@mediatek.com
mediatek,_inc. -- mt6580,_mt6761,_mt6762,_mt6768,_mt6781,_mt6789,_mt6833,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6875,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6891,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8678,_mt8755,_mt8775,_mt8792,_mt8796 | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. | 2024-05-06 | not yet calculated | CVE-2024-20064, security@mediatek.com
mediatek,_inc. -- mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6880,_mt6885,_mt6886,_mt6890,_mt6893,_mt6895,_mt6897,_mt6983,_mt6985,_mt6989,_mt8666,_mt8667,_mt8673,_mt8676,_mt8678 | In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. | 2024-05-06 | not yet calculated | CVE-2024-20056, security@mediatek.com
mediatek,_inc. -- mt6761,_mt6765,_mt6768,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6897,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. | 2024-05-06 | not yet calculated | CVE-2024-20057, security@mediatek.com
mediatek,_inc. -- mt6761,_mt6765,_mt6768,_mt6833,_mt6853,_mt6855,_mt6893,_mt6895,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. | 2024-05-06 | not yet calculated | CVE-2023-32873, security@mediatek.com
mediatek,_inc. -- mt6765,_mt6768,_mt6785,_mt6833,_mt6853,_mt6855,_mt6893,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796,_mt8797,_mt8798 | In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. | 2024-05-06 | not yet calculated | CVE-2024-20058, security@mediatek.com
mediatek,_inc. -- mt6768,_mt6781,_mt6785,_mt6833,_mt6853,_mt6873,_mt6877,_mt6885,_mt6893,_mt8168,_mt8183,_mt8188,_mt8188t,_mt8195,_mt8195z,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8666,_mt8666a,_mt8666b,_mt8667,_mt8673,_mt8675,_mt8675,_mt8676,_mt8678,_mt8765,_mt8766,_mt8766z,_mt8768,_mt8768a,_mt8768b,_mt8768t,_mt8768z,_mt8781,_mt8781,_mt8786,_mt8788,_mt8788t,_mt8788,_mt8788x,_mt8788z,_mt8792,_mt8795t,_mt8796,_mt8798 | In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. | 2024-05-06 | not yet calculated | CVE-2024-20021, security@mediatek.com
mintplex-labs -- mintplex-labs/anything-llm | A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | 2024-05-07 | not yet calculated | CVE-2024-2913, security@huntr.dev
netgear -- cax30s | NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. | 2024-05-07 | not yet calculated | CVE-2022-43654, zdi-disclosures@trendmicro.com
netgear -- multiple_routers | NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. | 2024-05-07 | not yet calculated | CVE-2021-34982, zdi-disclosures@trendmicro.com
netgear -- multiple_routers | NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. | 2024-05-07 | not yet calculated | CVE-2021-34983, zdi-disclosures@trendmicro.com
netgear -- r7800 | NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055. | 2024-05-07 | not yet calculated | CVE-2021-34947, zdi-disclosures@trendmicro.com
node.js -- node | The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. | 2024-05-07 | not yet calculated | CVE-2024-27982, support@hackerone.com
openbsd -- kernel | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14540. | 2024-05-07 | not yet calculated | CVE-2021-34999, zdi-disclosures@trendmicro.com
openbsd -- kernel | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112. | 2024-05-07 | not yet calculated | CVE-2021-35000, zdi-disclosures@trendmicro.com
the_gnu_c_library -- glibc | nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33599, 3ff69d7a-14f2-4f67-a097-88dee7810d18
the_gnu_c_library -- glibc | nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33600, 3ff69d7a-14f2-4f67-a097-88dee7810d18
the_gnu_c_library -- glibc | nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33601, 3ff69d7a-14f2-4f67-a097-88dee7810d18
the_gnu_c_library -- glibc | nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33602, 3ff69d7a-14f2-4f67-a097-88dee7810d18
triangle_microworks -- scada_data_gateway | Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. | 2024-05-07 | not yet calculated | CVE-2022-0369, zdi-disclosures@trendmicro.com
ubiquiti_inc -- unifi_connect_application | An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier); UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29207, support@hackerone.com
ubiquiti_inc -- unifi_connect_ev_station | An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Access G2 Reader Pro (Version 1.2.172 and earlier); UniFi Access Reader Pro (Version 2.7.238 and earlier); UniFi Access Intercom (Version 1.0.66 and earlier); UniFi Access Intercom Viewer (Version 1.0.5 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro to Version 1.3.37 or later. Update UniFi Access Reader Pro to Version 2.8.19 or later. Update UniFi Access Intercom to Version 1.1.32 or later. Update UniFi Access Intercom Viewer to Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29206, support@hackerone.com
ubiquiti_inc -- update_unifi_connect_ev_station | An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29208, support@hackerone.com
unknown -- crelly_slider | The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-05-06 | not yet calculated | CVE-2024-3752, contact@wpscan.com
unknown -- easyevent | The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2024-05-07 | not yet calculated | CVE-2024-3628, contact@wpscan.com
unknown -- fancy_product_designer | The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-05-06 | not yet calculated | CVE-2024-0904, contact@wpscan.com
unknown -- mf_gig_calendar | The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack. | 2024-05-06 | not yet calculated | CVE-2024-3756, contact@wpscan.com
unknown -- mf_gig_calendar | The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-05-06 | not yet calculated | CVE-2024-3755, contact@wpscan.com
N/A -- N/A | Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. | 2024-05-06 | not yet calculated | CVE-2023-33548, cve@mitre.org
N/A -- N/A | Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. | 2024-05-07 | not yet calculated | CVE-2023-46012, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25507, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25508, cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.2024-05-07not yet calculatedCVE-2024-25509
cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.2024-05-07not yet calculatedCVE-2024-25510
cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.2024-05-07not yet calculatedCVE-2024-25511
cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.2024-05-07not yet calculatedCVE-2024-25512
cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.2024-05-07not yet calculatedCVE-2024-25513
cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.2024-05-07not yet calculatedCVE-2024-25514
cve@mitre.org
N/A -- N/A

 
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.2024-05-08not yet calculatedCVE-2024-25515
cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25517, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25518, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25519, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25520, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25521, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25522, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25523, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25524, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25525, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25526, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25527, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25528, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25529, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25530, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25531, cve@mitre.org
N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25532, cve@mitre.org
N/A -- N/A | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | 2024-05-08 | not yet calculated | CVE-2024-25533, cve@mitre.org
N/A -- N/A | Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | 2024-05-06 | not yet calculated | CVE-2024-26312, cve@mitre.org
N/A -- N/A | Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. | 2024-05-06 | not yet calculated | CVE-2024-28725, cve@mitre.org
N/A -- N/A | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. | 2024-05-07 | not yet calculated | CVE-2024-29149, cve@mitre.org
N/A -- N/A | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker. | 2024-05-07 | not yet calculated | CVE-2024-29150, cve@mitre.org
N/A -- N/A | An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | 2024-05-06 | not yet calculated | CVE-2024-30973, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. | 2024-05-08 | not yet calculated | CVE-2024-31961, cve@mitre.org
N/A -- N/A | SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component. | 2024-05-07 | not yet calculated | CVE-2024-32369, cve@mitre.org
N/A -- N/A | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. | 2024-05-07 | not yet calculated | CVE-2024-32370, cve@mitre.org
N/A -- N/A | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | 2024-05-07 | not yet calculated | CVE-2024-32371, cve@mitre.org
N/A -- N/A | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | 2024-05-06 | not yet calculated | CVE-2024-33110, cve@mitre.org
N/A -- N/A | D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | 2024-05-06 | not yet calculated | CVE-2024-33111, cve@mitre.org
N/A -- N/A | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main() function. | 2024-05-06 | not yet calculated | CVE-2024-33112, cve@mitre.org
N/A -- N/A | D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosure via bsc_sms_inbox.php. | 2024-05-06 | not yet calculated | CVE-2024-33113, cve@mitre.org
N/A -- N/A | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. | 2024-05-06 | not yet calculated | CVE-2024-33117, cve@mitre.org
N/A -- N/A | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. | 2024-05-06 | not yet calculated | CVE-2024-33118, cve@mitre.org
N/A -- N/A | Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. | 2024-05-07 | not yet calculated | CVE-2024-33120, cve@mitre.org
N/A -- N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | 2024-05-06 | not yet calculated | CVE-2024-33121, cve@mitre.org
N/A -- N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. | 2024-05-07 | not yet calculated | CVE-2024-33122, cve@mitre.org
N/A -- N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. | 2024-05-07 | not yet calculated | CVE-2024-33124, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | 2024-05-07 | not yet calculated | CVE-2024-33139, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | 2024-05-07 | not yet calculated | CVE-2024-33144, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. | 2024-05-07 | not yet calculated | CVE-2024-33146, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | 2024-05-07 | not yet calculated | CVE-2024-33147, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | 2024-05-07 | not yet calculated | CVE-2024-33148, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | 2024-05-07 | not yet calculated | CVE-2024-33149, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | 2024-05-07 | not yet calculated | CVE-2024-33153, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | 2024-05-07 | not yet calculated | CVE-2024-33155, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | 2024-05-07 | not yet calculated | CVE-2024-33161, cve@mitre.org
N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | 2024-05-07 | not yet calculated | CVE-2024-33164, cve@mitre.org
N/A -- N/A | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | 2024-05-06 | not yet calculated | CVE-2024-33294, cve@mitre.org
N/A -- N/A | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | 2024-05-08 | not yet calculated | CVE-2024-33382, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the event_id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33403, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33404, cve@mitre.org
N/A -- N/A | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33405, cve@mitre.org
N/A -- N/A | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33406, cve@mitre.org
N/A -- N/A | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33407, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33408, cve@mitre.org
N/A -- N/A | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | 2024-05-06 | not yet calculated | CVE-2024-33409, cve@mitre.org
N/A -- N/A | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33410, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33411, cve@mitre.org
N/A -- N/A | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. | 2024-05-07 | not yet calculated | CVE-2024-33434, cve@mitre.org
N/A -- N/A | Cross-site scripting (XSS) vulnerability in the search function in MvnRepository MS Basic 2.1.18.3 and earlier. | 2024-05-07 | not yet calculated | CVE-2024-33748, cve@mitre.org
N/A -- N/A | DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | 2024-05-06 | not yet calculated | CVE-2024-33749, cve@mitre.org
N/A -- N/A | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. | 2024-05-06 | not yet calculated | CVE-2024-33752, cve@mitre.org
N/A -- N/A | Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. | 2024-05-06 | not yet calculated | CVE-2024-33753, cve@mitre.org
N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33780, cve@mitre.org
N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33781, cve@mitre.org
N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33782, cve@mitre.org
N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33783, cve@mitre.org
N/A -- N/A | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | 2024-05-06 | not yet calculated | CVE-2024-33788, cve@mitre.org
N/A -- N/A | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | 2024-05-06 | not yet calculated | CVE-2024-33829, cve@mitre.org
N/A -- N/A | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | 2024-05-06 | not yet calculated | CVE-2024-33830, cve@mitre.org
N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. | 2024-05-07 | not yet calculated | CVE-2024-33856, cve@mitre.org
N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | 2024-05-07 | not yet calculated | CVE-2024-33857, cve@mitre.org
N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. | 2024-05-07 | not yet calculated | CVE-2024-33858, cve@mitre.org
N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. | 2024-05-07 | not yet calculated | CVE-2024-33859, cve@mitre.org
N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | 2024-05-07 | not yet calculated | CVE-2024-33860, cve@mitre.org
N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | not yet calculated | CVE-2024-34092, cve@mitre.org
N/A -- N/A | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | 2024-05-08 | not yet calculated | CVE-2024-34244, cve@mitre.org
N/A -- N/A | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. | 2024-05-06 | not yet calculated | CVE-2024-34246, cve@mitre.org
N/A -- N/A | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c. | 2024-05-06 | not yet calculated | CVE-2024-34249, cve@mitre.org
N/A -- N/A | A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c. | 2024-05-06 | not yet calculated | CVE-2024-34250, cve@mitre.org
N/A -- N/A | An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h. | 2024-05-06 | not yet calculated | CVE-2024-34251, cve@mitre.org
N/A -- N/A | wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c. | 2024-05-06 | not yet calculated | CVE-2024-34252, cve@mitre.org
N/A -- N/A | jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. | 2024-05-08 | not yet calculated | CVE-2024-34255, cve@mitre.org
N/A -- N/A | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. | 2024-05-08 | not yet calculated | CVE-2024-34257, cve@mitre.org
N/A -- N/A | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | 2024-05-07 | not yet calculated | CVE-2024-34314, cve@mitre.org
N/A -- N/A | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | 2024-05-07 | not yet calculated | CVE-2024-34315, cve@mitre.org
N/A -- N/A | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | 2024-05-07 | not yet calculated | CVE-2024-34397, cve@mitre.org
N/A -- N/A | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. | 2024-05-06 | not yet calculated | CVE-2024-34470, cve@mitre.org
N/A -- N/A | An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | 2024-05-06 | not yet calculated | CVE-2024-34471, cve@mitre.org
N/A -- N/A | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | 2024-05-06 | not yet calculated | CVE-2024-34472, cve@mitre.org
N/A -- N/A | The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. | 2024-05-07 | not yet calculated | CVE-2024-34517, cve@mitre.org
N/A -- N/A | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-05-07 | not yet calculated | CVE-2024-34523, cve@mitre.org
N/A -- N/A | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. | 2024-05-06 | not yet calculated | CVE-2024-34524, cve@mitre.org
N/A -- N/A | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. | 2024-05-06 | not yet calculated | CVE-2024-34525, cve@mitre.org
N/A -- N/A | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. | 2024-05-06 | not yet calculated | CVE-2024-34527, cve@mitre.org
N/A -- N/A | WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. | 2024-05-06 | not yet calculated | CVE-2024-34528, cve@mitre.org
N/A -- N/A | Nebari through 2024.4.1 prints the temporary Keycloak root password. | 2024-05-06 | not yet calculated | CVE-2024-34529, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | 2024-05-06 | not yet calculated | CVE-2024-34532, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | 2024-05-06 | not yet calculated | CVE-2024-34533, cve@mitre.org
N/A -- N/A | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | 2024-05-06 | not yet calculated | CVE-2024-34534, cve@mitre.org
N/A -- N/A | Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. | 2024-05-06 | not yet calculated | CVE-2024-34538, cve@mitre.org
N/A -- N/A | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you're not using Windows or haven't changed the temporary directory location then you aren't affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix "700" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. | 2024-05-07 | not yet calculated | CVE-2024-4030, cna@python.org
