US-CERT Vulnerability Summary for the Week of April 8, 2024
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — adobe_commerce | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | 2024-04-10 | 9 | CVE-2024-20758 [email protected] |
| adobe — adobe_commerce | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact. | 2024-04-10 | 8.1 | CVE-2024-20759 [email protected] |
| adobe — animate | Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-20795 [email protected] |
| adobe — animate | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-20797 [email protected] |
| adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30271 [email protected] |
| adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30272 [email protected] |
| adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30273 [email protected] |
| adobe — media_encoder | Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 7.8 | CVE-2024-20772 [email protected] |
| andy_moyle — church_admin | Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5. | 2024-04-07 | 9.9 | CVE-2024-31280 [email protected] |
| binary-husky — gpt_academic | GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version. | 2024-04-08 | 9.8 | CVE-2024-31224 [email protected] [email protected] [email protected] |
| bitdefender — gravityzone_control_center_(on_premises) | An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 | 2024-04-09 | 8.1 | CVE-2024-2223 [email protected] |
| bitdefender — gravityzone_control_center_(on_premises) | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 | 2024-04-09 | 8.1 | CVE-2024-2224 [email protected] |
| britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the ‘kadence_import_get_new_connection_data’ AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 8.5 | CVE-2023-6964 [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904. | 2024-04-10 | 7.3 | CVE-2024-3534 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability. | 2024-04-10 | 7.3 | CVE-2024-3535 [email protected] [email protected] [email protected] [email protected] |
| cbutlerjr — wp-members_membership_plugin | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3. | 2024-04-09 | 7.2 | CVE-2024-1852 [email protected] [email protected] [email protected] [email protected] |
| codeisawesome — aikit | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CodeIsAwesome AIKit.This issue affects AIKit: from n/a through 4.14.1. | 2024-04-09 | 8.5 | CVE-2024-31370 [email protected] |
| contao — contao | Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | 2024-04-09 | 8.3 | CVE-2024-28235 [email protected] [email protected] [email protected] [email protected] [email protected] |
| conveythis — language_translate_widget_for_wordpress_conveythis | The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 7.2 | CVE-2023-6811 [email protected] [email protected] |
| croixhaug — appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin | The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-2341 [email protected] [email protected] |
| croixhaug — appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin | The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-2342 [email protected] [email protected] |
| customily — customily_product_personalizer | The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. We unfortunately could not get in touch with the vendor through various means to disclose this issue. | 2024-04-09 | 7.2 | CVE-2024-1774 [email protected] [email protected] |
| cym1102 — nginxwebui | A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability. | 2024-04-13 | 7.3 | CVE-2024-3738 [email protected] [email protected] [email protected] [email protected] |
| datafeedrcom — woocommerce_cloak_affiliate_links | The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘permalink_settings_save’ function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin’s affiliate links. | 2024-04-09 | 7.5 | CVE-2024-1308 [email protected] [email protected] [email protected] |
| dattateccom — envÂalosimple:_email_marketing_y_newsletters | The EnvÃaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-04-09 | 8.8 | CVE-2024-2125 [email protected] [email protected] |
| dell — alienware_command_center_(awcc) | Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. | 2024-04-10 | 7.4 | CVE-2024-22450 [email protected] |
| devitemsllc — ht_mega_-_absolute_addons_for_elementor | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-04-09 | 8.8 | CVE-2024-1974 [email protected] [email protected] [email protected] |
| diracgrid — dirac | DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millsecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`). | 2024-04-09 | 8.1 | CVE-2024-29905 [email protected] [email protected] |
| eclipse_foundation — kura | In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1] | 2024-04-09 | 7.5 | CVE-2024-3046 [email protected] |
| elextensions — elex_woocommerce_dynamic_pricing_and_discounts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-07 | 7.1 | CVE-2024-31255 [email protected] |
| esphome — esphome | ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue. | 2024-04-11 | 8.1 | CVE-2024-29019 [email protected] [email protected] |
| fastify — fastify-secure-session | @festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a “last update” field in the session, and treat “old sessions” as expired. | 2024-04-10 | 7.4 | CVE-2024-31999 [email protected] [email protected] |
| flipped-aurora — gin-vue-admin | gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem. | 2024-04-09 | 7.7 | CVE-2024-31457 [email protected] [email protected] [email protected] |
| fortinet — forticlientlinux | An improper control of generation of code (‘code injection’) in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website | 2024-04-09 | 9.6 | CVE-2023-45590 [email protected] |
| fortinet — forticlientmac | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | 2024-04-10 | 8.2 | CVE-2024-31492 [email protected] |
| fortinet — fortios | A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack | 2024-04-09 | 7.5 | CVE-2023-41677 [email protected] |
| fortinet — fortisandbox | A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | 2024-04-09 | 8.8 | CVE-2024-21755 [email protected] |
| fortinet — fortisandbox | A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | 2024-04-09 | 8.8 | CVE-2024-21756 [email protected] |
| fortinet — fortisandbox | A improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 2024-04-09 | 8.1 | CVE-2024-23671 [email protected] |
| funnelkit — funnelkit_checkout | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 2024-04-11 | 7.5 | CVE-2023-51672 [email protected] |
| gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-04-12 | 8.7 | CVE-2024-2279 [email protected] [email protected] |
| gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-04-12 | 8.7 | CVE-2024-3092 [email protected] [email protected] |
| gowebsmarty — wp_encryption_-_one_click_free_ssl_certificate_&_ssl_/_https_redirect_to_force_https,_security+ | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys | 2024-04-09 | 7.5 | CVE-2023-7046 [email protected] [email protected] |
| honeywell — c300 | C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.5 | CVE-2023-5392 [email protected] |
| honeywell — experion_server | Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.4 | CVE-2023-5393 [email protected] |
| honeywell — experion_server | Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.4 | CVE-2023-5394 [email protected] |
| ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | 2024-04-10 | 7.5 | CVE-2024-31871 [email protected] [email protected] |
| ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | 2024-04-10 | 7.5 | CVE-2024-31872 [email protected] [email protected] |
| ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | 2024-04-10 | 7.5 | CVE-2024-31873 [email protected] [email protected] |
| infotheme — wp_poll_maker | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1. | 2024-04-10 | 7.7 | CVE-2024-31240 [email protected] |
| iosix — io-1020_micro_eld | IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. | 2024-04-12 | 9.6 | CVE-2024-28878 [email protected] |
| iosix — io-1020_micro_eld | IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | 2024-04-12 | 7.4 | CVE-2024-30210 [email protected] |
| iosix — io-1020_micro_eld | IO-1020 Micro ELD web server uses a default password for authentication. | 2024-04-12 | 7.4 | CVE-2024-31069 [email protected] |
| irontec — sngrep | A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of ‘Call-ID’ and ‘X-Call-ID’ SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. | 2024-04-10 | 9 | CVE-2024-3119 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a |
| irontec — sngrep | A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying ‘Content-Length’ and ‘Warning’ headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. | 2024-04-10 | 9 | CVE-2024-3120 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a |
| j.n._breetvelt_a.k.a._opajaap — wp_photo_album_plus | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | 2024-04-07 | 9.9 | CVE-2024-31286 [email protected] |
| jokr — network_summary | The Network Summary plugin for WordPress is vulnerable to SQL Injection via the ‘category’ parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 9.8 | CVE-2024-2804 [email protected] [email protected] |
| jordy_meow — ai_engine:_chatgpt_chatbot | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | 2024-04-12 | 10 | CVE-2023-51409 [email protected] |
| jtsternberg — cmb2 | The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required. | 2024-04-09 | 7.5 | CVE-2024-1792 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095. | 2024-04-12 | 7.5 | CVE-2024-21598 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO. | 2024-04-12 | 7.5 | CVE-2024-30382 [email protected] [email protected] |
| juniper_networks — junos_os | A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3. | 2024-04-12 | 7.5 | CVE-2024-30392 [email protected] [email protected] |
| juniper_networks — junos_os | A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | 2024-04-12 | 7.5 | CVE-2024-30394 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue than the one described in JSA75739 | 2024-04-12 | 7.5 | CVE-2024-30395 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS All versions prior to 20.4R3-S10; 21.2 versions prior to 21.2R3-S7; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30397 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS: 21.2 before 21.2R3-S7, 21.4 before 21.4R3-S6, 22.1 before 22.1R3-S5, 22.2 before 22.2R3-S3, 22.3 before 22.3R3-S2, 22.4 before 22.4R3, 23.2 before 23.2R1-S2, 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30398 [email protected] [email protected] |
| juniper_networks — junos_os | An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30405 [email protected] [email protected] |
| juniper_networks — paragon_active_assurance | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The “netrounds-probe-login” daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0. | 2024-04-12 | 8.4 | CVE-2024-30381 [email protected] [email protected] |
| juniper_networks_inc. — crpd | The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1. | 2024-04-12 | 8.1 | CVE-2024-30407 [email protected] [email protected] [email protected] |
| levelfourstorefront — shopping_cart_&_ecommerce_store | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the ‘productid’ attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-12 | 8.8 | CVE-2024-3211 [email protected] [email protected] |
| lg — webos | A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 9.1 | CVE-2023-6318 [email protected] |
| lg — webos | A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 9.1 | CVE-2023-6319 [email protected] |
| lg — webos | A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB | 2024-04-09 | 9.1 | CVE-2023-6320 [email protected] |
| lg — webos | A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA webOS 5.5.0 – 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 7.2 | CVE-2023-6317 [email protected] |
| link_whisper — link_whisper_free | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/a through 0.6.8. | 2024-04-11 | 7.1 | CVE-2024-27992 [email protected] |
| linkwhspr — link_whisper_free | The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the ‘mfn-page-items’ post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-09 | 8.8 | CVE-2024-2693 [email protected] [email protected] |
| makeplane — plane | Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests. | 2024-04-10 | 9.1 | CVE-2024-31461 [email protected] [email protected] [email protected] [email protected] [email protected] |
| mervb1 — easy_property_listings | The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-1893 [email protected] [email protected] [email protected] |
| metagauss — registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator | 2024-04-09 | 8.8 | CVE-2024-1991 [email protected] [email protected] [email protected] |
| metagauss — registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-1990 [email protected] [email protected] [email protected] |
| microsoft — azure_ai_search | Azure AI Search Information Disclosure Vulnerability | 2024-04-09 | 7.3 | CVE-2024-29063 [email protected] |
| microsoft — azure_cyclecloud_8.6.0 | Azure CycleCloud Elevation of Privilege Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29993 [email protected] |
| microsoft — azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 2024-04-09 | 9 | CVE-2024-29990 [email protected] |
| microsoft — azure_monitor | Azure Monitor Agent Elevation of Privilege Vulnerability | 2024-04-09 | 8.4 | CVE-2024-29989 [email protected] |
| microsoft — microsoft_365_apps_for_enterprise | Microsoft Excel Remote Code Execution Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26257 [email protected] |
| microsoft — microsoft_defender_for_iot | Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-21323 [email protected] |
| microsoft — microsoft_defender_for_iot | Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29053 [email protected] |
| microsoft — microsoft_defender_for_iot | Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-21322 [email protected] |
| microsoft — microsoft_defender_for_iot | Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-21324 [email protected] |
| microsoft — microsoft_defender_for_iot | Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29054 [email protected] |
| microsoft — microsoft_defender_for_iot | Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29055 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28908 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28910 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28911 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28913 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28915 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28929 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28930 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28935 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28939 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29044 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29047 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29048 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29982 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29983 [email protected] |
| microsoft — microsoft_sql_server_2019_(cu_25) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 7.5 | CVE-2024-29045 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28927 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28937 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28940 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28941 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28943 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28944 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28945 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29046 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29984 [email protected] |
| microsoft — microsoft_sql_server_2019_(gdr) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29985 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28906 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28909 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28912 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28914 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28926 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28931 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28932 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28934 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28936 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28938 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28942 [email protected] |
| microsoft — microsoft_sql_server_2022_for_(cu_12) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29043 [email protected] |
| microsoft — microsoft_visual_studio_2019_version_16.11_(includes_16.0_-_16.10) | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28933 [email protected] |
| microsoft — microsoft_visual_studio_2022_version_17.9 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2024-04-09 | 7.3 | CVE-2024-21409 [email protected] |
| microsoft — outlook_for_windows | Outlook for Windows Spoofing Vulnerability | 2024-04-09 | 8.1 | CVE-2024-20670 [email protected] |
| microsoft — windows_10_version_1809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-20678 [email protected] |
| microsoft — windows_10_version_1809 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26179 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26180 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26189 [email protected] |
| microsoft — windows_10_version_1809 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26200 [email protected] |
| microsoft — windows_10_version_1809 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26205 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26210 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26214 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26240 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26244 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-28925 [email protected] |
| microsoft — windows_10_version_1809 | Windows Cryptographic Services Remote Code Execution Vulnerability | 2024-04-09 | 8.4 | CVE-2024-29050 [email protected] |
| microsoft — windows_10_version_1809 | SmartScreen Prompt Security Feature Bypass Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29988 [email protected] |
| microsoft — windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-20693 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft Install Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26158 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26175 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.4 | CVE-2024-26194 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26208 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26211 [email protected] |
| microsoft — windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26218 [email protected] |
| microsoft — windows_10_version_1809 | HTTP.sys Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26219 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-04-09 | 7.3 | CVE-2024-26232 [email protected] |
| microsoft — windows_10_version_1809 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26237 [email protected] |
| microsoft — windows_10_version_1809 | Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26239 [email protected] |
| microsoft — windows_10_version_1809 | Win32k Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26241 [email protected] |
| microsoft — windows_10_version_1809 | Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26242 [email protected] |
| microsoft — windows_10_version_1809 | Windows SMB Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26245 [email protected] |
| microsoft — windows_10_version_1809 | Windows Kerberos Elevation of Privilege Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26248 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26254 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.5 | CVE-2024-28896 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28920 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-29061 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-29062 [email protected] |
| microsoft — windows_11_version_22h2 | libarchive Remote Code Execution Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26256 [email protected] |
| microsoft — windows_server_2012 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-20688 [email protected] |
| microsoft — windows_server_2012 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-20689 [email protected] |
| microsoft — windows_server_2019 | DHCP Server Service Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26195 [email protected] |
| microsoft — windows_server_2019 | DHCP Server Service Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26202 [email protected] |
| microsoft — windows_server_2019 | DHCP Server Service Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26212 [email protected] |
| microsoft — windows_server_2019 | DHCP Server Service Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26215 [email protected] |
| microsoft — windows_server_2019 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.3 | CVE-2024-26216 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26221 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26222 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26223 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26224 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26227 [email protected] |
| microsoft — windows_server_2019 | Windows Cryptographic Services Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26228 [email protected] |
| microsoft — windows_server_2019 | Windows CSC Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26229 [email protected] |
| microsoft — windows_server_2019 | Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26230 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26231 [email protected] |
| microsoft — windows_server_2019 | Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26233 [email protected] |
| microsoft — windows_server_2019 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29066 [email protected] |
| microsoft — windows_server_2022,_23h2_edition_(server_core_installation) | Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26213 [email protected] |
| microsoft — windows_server_2022,_23h2_edition_(server_core_installation) | Windows Update Stack Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26235 [email protected] |
| microsoft — windows_server_2022,_23h2_edition_(server_core_installation) | Windows Update Stack Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26236 [email protected] |
| microsoft — windows_server_2022,_23h2_edition_(server_core_installation) | Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28904 [email protected] |
| microsoft — windows_server_2022,_23h2_edition_(server_core_installation) | Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28905 [email protected] |
| microsoft — windows_server_2022,_23h2_edition_(server_core_installation) | Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28907 [email protected] |
| microsoft — windows_server_2022 | Windows Authentication Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-21447 [email protected] |
| microsoft — windows_server_2022 | Windows USB Print Driver Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26243 [email protected] |
| microsoft — windows_server_2022 | Windows Storage Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-29052 [email protected] |
| moove_agency — import_xml_and_rss_feeds | Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. | 2024-04-07 | 7.2 | CVE-2024-31292 [email protected] |
| n/a — csmock | A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers. | 2024-04-10 | 7.6 | CVE-2024-2243 [email protected] [email protected] |
| n/a — eap | A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new “provider-url” option in addition to the “realm” option. | 2024-04-10 | 7.3 | CVE-2023-6236 [email protected] [email protected] |
| n/a — eap | A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | 2024-04-09 | 7.3 | CVE-2024-1233 [email protected] [email protected] |
| n/a — mysql2 | Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. | 2024-04-11 | 9.8 | CVE-2024-21508 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| n/a — ofono | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver(). | 2024-04-10 | 8.1 | CVE-2023-2794 [email protected] |
| n/a — qemu | A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. | 2024-04-09 | 8.2 | CVE-2024-3446 [email protected] [email protected] [email protected] |
| nerdpressteam — hubbub_lite_-_fast_reliable_social_sharing_buttons | The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the ‘dpsp_maybe_unserialize’ function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-09 | 7.5 | CVE-2024-2501 [email protected] [email protected] [email protected] [email protected] |
| netdata — netdata | Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 8.8 | CVE-2024-32019 [email protected] [email protected] |
| nozomi_networks — guardian | Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. | 2024-04-10 | 7.2 | CVE-2023-6916 [email protected] |
| nozomi_networks — guardian | A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | 2024-04-10 | 7.5 | CVE-2024-0218 [email protected] |
| nvidia — chatrtx | NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering | 2024-04-08 | 8.2 | CVE-2024-0082 [email protected] |
| octopus_deploy — octopus_server | A race condition was identified through which privilege escalation was possible in certain configurations. | 2024-04-09 | 8.8 | CVE-2024-2975 [email protected] |
| opengnsys — opengnsys | SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database. | 2024-04-12 | 9.8 | CVE-2024-3704 [email protected] |
| opengnsys — opengnsys | Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint ‘/opengnsys/images/M_Icons.php’ modifying the file extension, due to lack of file extension verification, resulting in a webshell injection. | 2024-04-12 | 8.8 | CVE-2024-3705 [email protected] |
| opentext — arcsight_management_center | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | 2024-04-08 | 8.7 | CVE-2024-2834 [email protected] |
| palo_alto_networks — pan-os | A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 2024-04-12 | 10 | CVE-2024-3400 [email protected] [email protected] [email protected] |
| palo_alto_networks — pan-os | A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. | 2024-04-10 | 7.5 | CVE-2024-3382 [email protected] |
| palo_alto_networks — pan-os | A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. | 2024-04-10 | 7.4 | CVE-2024-3383 [email protected] |
| palo_alto_networks — pan-os | A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. | 2024-04-10 | 7.5 | CVE-2024-3384 [email protected] |
| palo_alto_networks — pan-os | A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: – PA-5400 Series firewalls – PA-7000 Series firewalls | 2024-04-10 | 7.5 | CVE-2024-3385 [email protected] |
| pencidesign — soledad | Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 7.1 | CVE-2024-31367 [email protected] |
| phpgurukul — small_crm | A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480. | 2024-04-12 | 7.3 | CVE-2024-3691 [email protected] [email protected] [email protected] [email protected] |
| pickplugins — product_designer | Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32. | 2024-04-07 | 8.7 | CVE-2024-31277 [email protected] |
| planet — igs-4215-16t2s | Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface. | 2024-04-11 | 7.7 | CVE-2024-2740 [email protected] |
| planet — igs-4215-16t2s | Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface. | 2024-04-11 | 7.1 | CVE-2024-2741 [email protected] |
| presstigers — simple_job_board | The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed. | 2024-04-09 | 9.8 | CVE-2024-1813 [email protected] [email protected] |
| rapidload — rapidload_power-up_for_autoptimize | Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11. | 2024-04-07 | 7.2 | CVE-2024-31288 [email protected] |
| redisbloom — redisbloom | RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | 2024-04-09 | 7 | CVE-2024-25115 [email protected] [email protected] |
| redon-tech — redon-hub | Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch. | 2024-04-08 | 8.8 | CVE-2024-31442 [email protected] [email protected] |
| reservation_diary — redi_restaurant_reservation | Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | 2024-04-10 | 7.1 | CVE-2024-31299 [email protected] |
| rust-lang — rust | Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it’s up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn’t identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library’s escaping logic. | 2024-04-09 | 10 | CVE-2024-24576 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| saleswonder.biz — 5_stars_rating_funnel | Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67. | 2024-04-10 | 7.5 | CVE-2024-31358 [email protected] |
| sap_se — sap_asset_accounting | SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API’s. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | 2024-04-09 | 7.2 | CVE-2024-27901 [email protected] [email protected] |
| sap_se — sap_businessobjects_web_intelligence | Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. | 2024-04-09 | 7.7 | CVE-2024-25646 [email protected] [email protected] |
| sap_se — sap_netweaver_as_java_user_management_engine | Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability. | 2024-04-09 | 8.8 | CVE-2024-27899 [email protected] [email protected] |
| sc0ttkclark — pods_-_custom_content_types_and_fields | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2023-6967 [email protected] [email protected] [email protected] |
| sc0ttkclark — pods_-_custom_content_types_and_fields | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server. | 2024-04-09 | 8.8 | CVE-2023-6999 [email protected] [email protected] [email protected] |
| searchiq — searchiq | Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5. | 2024-04-10 | 7.5 | CVE-2024-31259 [email protected] |
| shapedplugin — carousel,_slider_gallery_by_wp_carousel_-_image_carousel_&_photo_gallery_post_carousel_&_post_grid_product_carousel_&_product_grid_for_woocommerce | The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the ‘shortcode’ parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-10 | 7.2 | CVE-2024-3020 [email protected] [email protected] |
| siemens — parasolid_v35.1 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2024-04-09 | 7.8 | CVE-2024-26275 [email protected] |
| siemens — scalance_w1748-1_m12 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 3 “Override client’s security context” of CVE-2022-47522. Affected devices can be tricked into associating a newly negotiated, attacker-controlled, security context with frames belonging to a victim. This could allow a physically proximate attacker to decrypt frames meant for the victim. | 2024-04-09 | 8.4 | CVE-2024-30191 [email protected] |
| siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system. | 2024-04-09 | 7.6 | CVE-2024-31978 [email protected] |
| sizam — rehub_framework | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sizam REHub Framework.This issue affects REHub Framework: from n/a before 19.6.2. | 2024-04-07 | 8.5 | CVE-2024-31234 [email protected] |
| sizam — rehub | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1. | 2024-04-07 | 8.5 | CVE-2024-31233 [email protected] |
| skymoonlabs — moveto | Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | 2024-04-11 | 9.8 | CVE-2024-25912 [email protected] |
| smartersite — wp_compress_-_image_optimizer_[all-in-one] | The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wps_local_compress::__construct’ function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images. | 2024-04-09 | 7.5 | CVE-2024-1934 [email protected] [email protected] [email protected] |
| solwin_infotech — user_activity_log | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8. | 2024-04-10 | 7.6 | CVE-2024-31356 [email protected] |
| sonaar_music — mp3_audio_player_for_music_radio_&_podcast_by_sonaar | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | 2024-04-10 | 7.5 | CVE-2024-31343 [email protected] |
| sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691. | 2024-04-08 | 7.3 | CVE-2024-3438 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692. | 2024-04-08 | 7.3 | CVE-2024-3439 [email protected] [email protected] [email protected] [email protected] |
| specialk — simple_ajax_chat_-_add_a_fast,_secure_chat_box | The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 7.2 | CVE-2024-2957 [email protected] [email protected] |
| stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the ‘template’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-04-09 | 9.8 | CVE-2024-3136 [email protected] [email protected] [email protected] |
| subnet_solutions — powersystem_server | SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. | 2024-04-09 | 8.4 | CVE-2024-3313 [email protected] |
| sukhchain_singh — auto_poster | Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2. | 2024-04-07 | 9.1 | CVE-2024-31345 [email protected] |
| techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the ‘rtcl_update_user_account’ function. This makes it possible for unauthenticated attackers to change the administrator user’s password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account. | 2024-04-09 | 8.8 | CVE-2024-1315 [email protected] [email protected] [email protected] |
| themefusion — avada_|_website_builder_for_wordpress_&_woocommerce | The Avada theme for WordPress is vulnerable to SQL Injection via the ‘entry’ parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticted attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 7.2 | CVE-2024-2344 [email protected] [email protected] [email protected] |
| themify — post_type_builder_(ptb) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | 2024-04-09 | 7.1 | CVE-2024-31365 [email protected] |
| themify — post_type_builder_(ptb) | Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | 2024-04-09 | 7.1 | CVE-2024-31366 [email protected] |
| thimpress — learnpress_export_import | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3. | 2024-04-07 | 7.6 | CVE-2024-31241 [email protected] |
| tooltip — wordpress_tooltips | Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3. | 2024-04-11 | 7.1 | CVE-2024-31285 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. | 2024-04-09 | 8.1 | CVE-2023-49133 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. | 2024-04-09 | 8.1 | CVE-2023-49134 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device’s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability. | 2024-04-09 | 7.5 | CVE-2023-48724 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | 2024-04-09 | 7.4 | CVE-2023-49074 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49906 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49907 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49908 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49909 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49910 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49911 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49912 [email protected] |
| tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49913 [email protected] |
| traccar — traccar | Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it’s not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably. | 2024-04-10 | 9.6 | CVE-2024-31214 [email protected] [email protected] [email protected] [email protected] |
| traccar — traccar | Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue. | 2024-04-10 | 8.5 | CVE-2024-24809 [email protected] [email protected] |
| traefik — traefik | Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the “Content-length” request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option. | 2024-04-12 | 7.5 | CVE-2024-28869 [email protected] [email protected] [email protected] [email protected] [email protected] |
| tribulant — slideshow_gallery | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-10 | 8.5 | CVE-2024-31355 [email protected] |
| undsgn — uncode_core | Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8. | 2024-04-12 | 8.8 | CVE-2023-51515 [email protected] |
| webinarpress — webinarpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.9. | 2024-04-07 | 7.1 | CVE-2024-31256 [email protected] |
| wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 7.2 | CVE-2024-0952 [email protected] [email protected] |
| welotec — tk515l | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | 2024-04-09 | 9.8 | CVE-2023-1083 [email protected] |
| welotec — tk515l | An remote attacker with low privileges can perform a command injection which can lead to root access. | 2024-04-09 | 8.8 | CVE-2023-1082 [email protected] |
| wintercms — wn-dusk-plugin | wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` – where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk’s automatic configuration is used (which won’t exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (ie. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin’s automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade. | 2024-04-12 | 8.8 | CVE-2024-32003 [email protected] [email protected] |
| wisdmlabs — edwiser_bridge | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2. | 2024-04-07 | 7.6 | CVE-2024-31260 [email protected] |
| wpeverest — everest_forms_-_build_contact_forms_surveys_polls_quizzes_newsletter_&_application_forms_and_many_more_with_ease! | The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the ‘font_url’ parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 7.2 | CVE-2024-1812 [email protected] [email protected] |
| wpexperts — wholesale_for_woocommerce | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | 2024-04-10 | 7.5 | CVE-2024-31297 [email protected] |
| wpmudev — forminator_-_contact_form,_payment_form_&_custom_form_builder | The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 7.2 | CVE-2024-1794 [email protected] [email protected] |
| wpvividplugins — migration_backup_staging_-_wpvivid | WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-12 | 7.2 | CVE-2024-3054 [email protected] [email protected] |
| wpwhitesecurity — wp_activity_log_premium | The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object. | 2024-04-09 | 8.8 | CVE-2024-2018 [email protected] [email protected] |
| xibosignage — xibo-cms | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue. | 2024-04-12 | 8.8 | CVE-2024-29022 [email protected] [email protected] [email protected] [email protected] |
| xibosignage — xibo-cms | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability. | 2024-04-12 | 7.2 | CVE-2024-29023 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-commons | XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn’t escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability, patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too. | 2024-04-10 | 10 | CVE-2024-31996 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki’s database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki. | 2024-04-10 | 10 | CVE-2024-31982 [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`. | 2024-04-10 | 9.9 | CVE-2024-31465 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading. | 2024-04-10 | 9.9 | CVE-2024-31981 [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations. | 2024-04-10 | 9.9 | CVE-2024-31983 [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page. | 2024-04-10 | 9.9 | CVE-2024-31984 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page. | 2024-04-10 | 9 | CVE-2024-31986 [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading. | 2024-04-10 | 9.9 | CVE-2024-31987 [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used. | 2024-04-10 | 9.6 | CVE-2024-31988 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user’s own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available. | 2024-04-10 | 9.9 | CVE-2024-31997 [email protected] [email protected] [email protected] [email protected] [email protected] |
| yt-dlp — yt-dlp | yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `–exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `–exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `–exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `–exec` other than `{}` (filepath); if expansion in `–exec` is needed, verify the fields you are using do not contain `”`, `|` or `&`; and/or instead of using `–exec`, write the info json and load the fields from it instead. | 2024-04-09 | 8.3 | CVE-2024-22423 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| zauberzeug — nicegui | NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 8.2 | CVE-2024-32005 [email protected] [email protected] [email protected] |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 10web — form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures. | 2024-04-09 | 5.9 | CVE-2024-2112 [email protected] [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20778 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20779 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20780 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26046 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26047 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26076 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26079 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26084 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26087 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26097 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26098 [email protected] |
| adobe — adobe_experience_manager | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26122 [email protected] |
| adobe — after_effects | After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20737 [email protected] |
| adobe — animate | Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20794 [email protected] |
| adobe — animate | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20796 [email protected] |
| adobe — bridge | Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20771 [email protected] |
| adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20798 [email protected] |
| adobe — indesign_desktop | InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20766 [email protected] |
| adobe — photoshop_desktop | Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20770 [email protected] |
| aerin — loan_repayment_calculator_and_application_form | Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. | 2024-04-12 | 5.4 | CVE-2024-31263 [email protected] |
| alex_tselegidis — easy!appointments | Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.2. | 2024-04-11 | 6.3 | CVE-2023-32295 [email protected] |
| aminur_islam — wp_login_and_logout_redirect | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS.This issue affects WP Login and Logout Redirect: from n/a through 1.2. | 2024-04-11 | 5.9 | CVE-2024-31927 [email protected] |
| appcheap.io — app_builder | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7. | 2024-04-10 | 4.7 | CVE-2024-31282 [email protected] |
| apppresser_team — apppresser | Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | 2024-04-12 | 4.3 | CVE-2024-31268 [email protected] |
| arnan_de_gans — no-bot_registration | Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1. | 2024-04-12 | 4.3 | CVE-2024-31372 [email protected] |
| athemes — sydney_toolbox | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3208 [email protected] [email protected] |
| automatic1111 — stable-diffusion-webui | stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access. | 2024-04-12 | 6.3 | CVE-2024-31462 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| automattic — woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2. | 2024-04-07 | 4.3 | CVE-2024-22155 [email protected] |
| automattic — wp_job_manager | Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0. | 2024-04-12 | 5.3 | CVE-2023-52211 [email protected] |
| ayecode_ltd — userswp | Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6. | 2024-04-11 | 5.4 | CVE-2024-31936 [email protected] |
| bdthemes — element_pack_elementor_addons_(header_footer,_template_library,_dynamic_grid_&_carousel,_remote_arrows) | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details. | 2024-04-11 | 5.3 | CVE-2024-2966 [email protected] [email protected] |
| bdthemes — prime_slider_-_addons_for_elementor | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | 2024-04-11 | 4.3 | CVE-2024-24883 [email protected] |
| bdthemes — ultimate_store_kit_elementor_addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. | 2024-04-08 | 6.5 | CVE-2024-31357 [email protected] |
| beaver_builder — beaver_themer | The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6694 [email protected] [email protected] |
| beaver_builder — beaver_themer | The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the ‘wpbb’ shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values. | 2024-04-09 | 6.5 | CVE-2023-6695 [email protected] [email protected] |
| bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2200 [email protected] [email protected] |
| bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2198 [email protected] [email protected] |
| bfintal — stackable_-_page_builder_gutenberg_blocks | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2039 [email protected] [email protected] |
| blazethemes — newsmatic | The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the ‘newsmatic_filter_posts_load_tab_content’. This makes it possible for unauthenticated attackers to view draft posts and post content. | 2024-04-09 | 5.3 | CVE-2024-1587 [email protected] [email protected] |
| blocksmarket — gradient_text_widget_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1. | 2024-04-07 | 6.5 | CVE-2024-31346 [email protected] |
| bogdanfix — wp_sendfox | Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0. | 2024-04-11 | 5.4 | CVE-2024-27970 [email protected] |
| boldthemes — bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2734 [email protected] [email protected] |
| boldthemes — bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price List’ element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2735 [email protected] [email protected] |
| boldthemes — bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2736 [email protected] [email protected] |
| boldthemes — bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3266 [email protected] [email protected] |
| boldthemes — bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3267 [email protected] [email protected] |
| boldthemes — bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s “Separator” element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 5.4 | CVE-2024-2733 [email protected] [email protected] |
| bosch — ams | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. | 2024-04-11 | 4.6 | CVE-2023-32228 [email protected] |
| bracketspace — advanced_cron_manager_-_debug_&_control | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2. | 2024-04-11 | 5.9 | CVE-2024-31926 [email protected] |
| bracketspace — simple_post_notes | Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6. | 2024-04-11 | 4.3 | CVE-2024-31935 [email protected] |
| bradvin — best_wordpress_gallery_plugin_-_foogallery | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2081 [email protected] [email protected] [email protected] |
| brainstormforce — astra | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2347 [email protected] [email protected] |
| brainstormforce — cards_for_beaver_builder | The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2305 [email protected] [email protected] |
| brainstormforce — spectra_-_wordpress_gutenberg_blocks | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6486 [email protected] [email protected] [email protected] [email protected] |
| brechtvds — wp_recipe_maker | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 4.4 | CVE-2024-1571 [email protected] [email protected] |
| bricksforge — bricksforge | Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | 2024-04-10 | 5.3 | CVE-2024-31242 [email protected] |
| britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-0598 [email protected] [email protected] [email protected] |
| britner — gutenberg_blocks_by_kadence_blocks_page_builder_features | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget’s anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1999 [email protected] [email protected] [email protected] |
| bunny.net — bunny.net | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bunny.Net allows Stored XSS.This issue affects bunny.Net: from n/a through 2.0.1. | 2024-04-11 | 5.9 | CVE-2024-31361 [email protected] |
| byzoro — smart_s80_management_platform | A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-09 | 4.7 | CVE-2024-3521 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3536 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907. | 2024-04-10 | 6.3 | CVE-2024-3537 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908. | 2024-04-10 | 6.3 | CVE-2024-3538 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3539 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3540 [email protected] [email protected] [email protected] [email protected] |
| campcodes — house_rental_management_system | A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483. | 2024-04-12 | 6.3 | CVE-2024-3696 [email protected] [email protected] [email protected] [email protected] |
| campcodes — house_rental_management_system | A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484. | 2024-04-12 | 6.3 | CVE-2024-3697 [email protected] [email protected] [email protected] [email protected] |
| campcodes — house_rental_management_system | A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability. | 2024-04-12 | 6.3 | CVE-2024-3698 [email protected] [email protected] [email protected] [email protected] |
| campcodes — house_rental_management_system | A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571. | 2024-04-13 | 6.3 | CVE-2024-3719 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_event_management_system | A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability. | 2024-04-09 | 6.3 | CVE-2024-3522 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_event_management_system | A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability. | 2024-04-09 | 6.3 | CVE-2024-3523 [email protected] [email protected] [email protected] [email protected] |
| catch_plugins — generate_child_theme | Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0. | 2024-04-12 | 5.4 | CVE-2024-31279 [email protected] |
| celomitan — gum_elementor_addon | The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2348 [email protected] [email protected] [email protected] |
| clavaque — s2member_-_best_membership_plugin_for_all_kinds_of_memberships_content_restriction_paywalls_&_member_access_subscriptions | The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages. | 2024-04-09 | 5.3 | CVE-2024-0899 [email protected] [email protected] |
| coded_commerce,_llc — benchmark_email_lite | Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1. | 2024-04-12 | 4.3 | CVE-2024-31360 [email protected] |
| codepeople — contact_form_email | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. | 2024-04-10 | 5.3 | CVE-2024-31302 [email protected] |
| collizo4sky — paid_membership_plugin_ecommerce,_user_registration_form,_login_form_user_profile_&_restrict_content_-_profilepress | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘reg-single-checkbox’ shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-3210 [email protected] [email protected] |
| colorlibplugins — fancybox_for_wordpress | The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-0662 [email protected] [email protected] |
| connekthq — wordpress_infinite_scroll_-_ajax_load_more | The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances. | 2024-04-09 | 4.9 | CVE-2024-1790 [email protected] [email protected] [email protected] [email protected] |
| contao — contao | Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users. | 2024-04-09 | 5.4 | CVE-2024-28190 [email protected] [email protected] [email protected] [email protected] |
| contao — contao | Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable “Allow auto login” in the login module. | 2024-04-09 | 5.9 | CVE-2024-30262 [email protected] [email protected] |
| contao — contao | Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments. | 2024-04-09 | 4.3 | CVE-2024-28234 [email protected] [email protected] [email protected] [email protected] |
| convertkit — convertkit | Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5. | 2024-04-10 | 5.3 | CVE-2024-31245 [email protected] |
| cp_plus — wi-fi_camera | A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-08 | 5.4 | CVE-2024-3434 [email protected] [email protected] [email protected] [email protected] |
| creativeminds — invitation_code_content_restriction_plugin_from_creativeminds | The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2022-4965 [email protected] [email protected] |
| creativethemes — blocksy_companion | Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28. | 2024-04-11 | 5.4 | CVE-2024-31932 [email protected] |
| cssigniterteam — elements_plus! | The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2335 [email protected] [email protected] |
| cym1102 — nginxwebui | A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. | 2024-04-13 | 6.3 | CVE-2024-3739 [email protected] [email protected] [email protected] [email protected] |
| cym1102 — nginxwebui | A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579. | 2024-04-13 | 6.3 | CVE-2024-3740 [email protected] [email protected] [email protected] [email protected] [email protected] |
| cym1102 — nginxwebui | A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. | 2024-04-13 | 4.3 | CVE-2024-3736 [email protected] [email protected] [email protected] [email protected] |
| danieliser — popup_maker_-_popup_for_opt-ins_lead_gen_&_more | The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2336 [email protected] [email protected] |
| dataease — dataease | DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform’s database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading. | 2024-04-08 | 5.3 | CVE-2024-30269 [email protected] [email protected] |
| dell — alienware_command_center_(awcc) | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 2024-04-10 | 6.7 | CVE-2024-0159 [email protected] |
| dell — cpg_bios | Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | 2024-04-10 | 4.7 | CVE-2024-22448 [email protected] |
| dell — dell_storage_resource_manager | Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user’s application session. | 2024-04-12 | 5.9 | CVE-2024-0157 [email protected] |
| devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor) | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1960 [email protected] [email protected] [email protected] [email protected] |
| devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor) | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2946 [email protected] [email protected] |
| devowl — real_media_library:_media_library_folder_&_file_manager | The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2027 [email protected] [email protected] |
| dfactory — post_views_counter | Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. | 2024-04-12 | 4.3 | CVE-2024-31264 [email protected] |
| dglingren — media_library_assistant | The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 6.4 | CVE-2024-2871 [email protected] [email protected] [email protected] [email protected] |
| digitalbazaar — zcap | `@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time. | 2024-04-10 | 4.3 | CVE-2024-31995 [email protected] [email protected] [email protected] [email protected] |
| easy_digital_downloads — easy_digital_downloads | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. | 2024-04-12 | 4.3 | CVE-2024-31293 [email protected] |
| ecwid — ecwid_ecommerce_shopping_cart | The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2456 [email protected] [email protected] |
| elbanyaoui — woocommerce_clover_payment_gateway | The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid. | 2024-04-09 | 5.3 | CVE-2024-0626 [email protected] [email protected] [email protected] |
| elementor — hello_elementor | Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0. | 2024-04-12 | 4.3 | CVE-2024-31289 [email protected] |
| elemntor — elementor_website_builder_-_more_than_just_a_page_builder | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2117 [email protected] [email protected] |
| elextensions — elex_woocommerce_dynamic_pricing_and_discounts | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-12 | 4.3 | CVE-2024-31364 [email protected] |
| envato — template_kit_-_import | The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2334 [email protected] [email protected] [email protected] |
| exactly_www — ewww_image_optimizer | Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3. | 2024-04-10 | 4.3 | CVE-2024-31924 [email protected] |
| expresstech — quiz_and_survey_master | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2. | 2024-04-11 | 5.9 | CVE-2024-27966 [email protected] |
| faktor_vier — f4_improvements | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS.This issue affects F4 Improvements: from n/a through 1.8.0. | 2024-04-11 | 5.9 | CVE-2024-31925 [email protected] |
| fetch_designs — sign-up_sheets | Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets.This issue affects Sign-up Sheets: from n/a through 2.2.11.1. | 2024-04-12 | 4.3 | CVE-2024-31303 [email protected] |
| formsite — formsite_|_embed_online_forms_to_collect_orders_registrations_leads_and_surveys | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS.This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. | 2024-04-07 | 6.5 | CVE-2024-31257 [email protected] |
| fortinet — fortimanager | A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates. | 2024-04-09 | 6.7 | CVE-2023-47542 [email protected] |
| fortinet — fortios | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. | 2024-04-09 | 6.7 | CVE-2023-48784 [email protected] |
| fortinet — fortios | An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests. | 2024-04-09 | 5.3 | CVE-2024-23662 [email protected] |
| fortinet — fortisandbox | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI. | 2024-04-09 | 6.7 | CVE-2023-47540 [email protected] |
| fortinet — fortisandbox | An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI. | 2024-04-09 | 6.7 | CVE-2023-47541 [email protected] |
| fortinet — fortisandbox | A improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests. | 2024-04-09 | 5.9 | CVE-2024-31487 [email protected] |
| fr-d-ric_gilles — fg_drupal_to_wordpress | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | 2024-04-10 | 5.3 | CVE-2024-31247 [email protected] |
| getbowtied — shopkeeper_extender | The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘image_slide’ shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-12 | 6.4 | CVE-2024-2801 [email protected] [email protected] |
| gitlab — gitlab | A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature. | 2024-04-12 | 4.3 | CVE-2023-6489 [email protected] [email protected] |
| gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file. | 2024-04-12 | 4.3 | CVE-2023-6678 [email protected] [email protected] |
| givewp — givewp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1. | 2024-04-12 | 5.9 | CVE-2022-40211 [email protected] |
| gn_themes — wp_shortcodes_plugin_-_shortcodes_ultimate | The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘note_color’ shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3512 [email protected] [email protected] [email protected] [email protected] |
| hcl_software — bigfix_enterprise_suite_asset_discovery | The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry. | 2024-04-08 | 6.6 | CVE-2024-23584 [email protected] |
| hidekazu_ishikawa — x-t9 | Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1. | 2024-04-10 | 4.3 | CVE-2024-31386 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| i_thirteen_web_solution — wp_responsive_tabs_horizontal_vertical_and_accordion_tabs | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. | 2024-04-11 | 6.5 | CVE-2024-27989 [email protected] |
| ibm — qradar_siem | IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | 2024-04-11 | 5.9 | CVE-2023-50949 [email protected] [email protected] |
| ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. | 2024-04-10 | 6.2 | CVE-2024-31874 [email protected] [email protected] |
| ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | 2024-04-12 | 5.4 | CVE-2023-50307 [email protected] [email protected] |
| ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. | 2024-04-12 | 5.4 | CVE-2024-22357 [email protected] [email protected] |
| ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. | 2024-04-12 | 4.8 | CVE-2023-45186 [email protected] [email protected] |
| ibm — sterling_file_gateway | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | 2024-04-12 | 4.8 | CVE-2023-47714 [email protected] [email protected] |
| ibm — storage_defender | IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. | 2024-04-12 | 6.4 | CVE-2024-27261 [email protected] [email protected] |
| ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896. | 2024-04-12 | 6.3 | CVE-2024-22358 [email protected] [email protected] |
| ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. | 2024-04-12 | 6.1 | CVE-2024-22359 [email protected] [email protected] |
| ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. | 2024-04-12 | 4.4 | CVE-2024-22334 [email protected] [email protected] |
| ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. | 2024-04-12 | 4.3 | CVE-2024-22339 [email protected] [email protected] |
| ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates) | The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2492 [email protected] [email protected] |
| ideaboxcreations — powerpack_lite_for_beaver_builder | The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2289 [email protected] [email protected] |
| j_3rk — video_conferencing_with_zoom | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site. | 2024-04-09 | 4.3 | CVE-2024-2033 [email protected] [email protected] |
| jackdewey — link_library | The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2325 [email protected] [email protected] |
| jcodex — woocommerce_checkout_field_editor_(checkout_manager) | Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. | 2024-04-12 | 5.4 | CVE-2024-31262 [email protected] |
| jetmonsters — getwid_-_gutenberg_blocks | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1948 [email protected] [email protected] |
| jetmonsters — jetwidgets_for_elementor | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2138 [email protected] [email protected] |
| jetmonsters — jetwidgets_for_elementor | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2507 [email protected] [email protected] |
| joel_hardi — user_spam_remover | Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0. | 2024-04-10 | 5.3 | CVE-2024-31298 [email protected] |
| joomunited — wp_media_folder | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | 2024-04-11 | 5.4 | CVE-2024-25907 [email protected] |
| joomunited — wp_media_folder | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | 2024-04-11 | 4.3 | CVE-2024-25908 [email protected] |
| jtermaat — 360_javascript_viewer | The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings. | 2024-04-09 | 4.3 | CVE-2024-1637 [email protected] [email protected] [email protected] |
| julien_berthelot_/_mpembed.com — wp_matterport_shortcode | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode.This issue affects WP Matterport Shortcode: from n/a through 2.1.8. | 2024-04-11 | 4.3 | CVE-2024-32109 [email protected] |
| juniper_networks — junos_os_evolved | A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. | 2024-04-12 | 6.5 | CVE-2024-30403 [email protected] [email protected] |
| juniper_networks — junos_os_evolved | An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. | 2024-04-12 | 5.3 | CVE-2024-21590 [email protected] [email protected] |
| juniper_networks — junos_os_evolved | An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn’t consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO, 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO. | 2024-04-12 | 5.3 | CVE-2024-30390 [email protected] [email protected] |
| juniper_networks — junos_os_evolved | A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO. | 2024-04-12 | 5.5 | CVE-2024-30406 [email protected] [email protected] [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2. | 2024-04-12 | 6.5 | CVE-2024-21593 [email protected] [email protected] |
| juniper_networks — junos_os | An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4. | 2024-04-12 | 6.5 | CVE-2024-21605 [email protected] [email protected] |
| juniper_networks — junos_os | A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command: user@host> show system processes extensive | grep iked PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-04-12 | 6.5 | CVE-2024-21609 [email protected] [email protected] |
| juniper_networks — junos_os | An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO. | 2024-04-12 | 6.5 | CVE-2024-21618 [email protected] [email protected] |
| juniper_networks — junos_os | A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5, 21.3 versions before 21.3R3-S5, 21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2. | 2024-04-12 | 6.5 | CVE-2024-30387 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3. | 2024-04-12 | 6.5 | CVE-2024-30388 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can’t be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command: user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-04-12 | 5.3 | CVE-2024-21610 [email protected] [email protected] |
| juniper_networks — junos_os | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3 before 21.3R3-S5-EVO, * from 21.4 before 21.4R3-S5-EVO, * from 22.1 before 22.1R3-S5-EVO, * from 22.2 before 22.2R3-S3-EVO, * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO, * from 23.2 before 23.2R1-S2. | 2024-04-12 | 5 | CVE-2024-21615 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. This issue affects Junos OS: All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6. | 2024-04-12 | 5.5 | CVE-2024-30384 [email protected] [email protected] |
| juniper_networks — junos_os | A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO. | 2024-04-12 | 5.3 | CVE-2024-30386 [email protected] [email protected] |
| juniper_networks — junos_os | An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn’t recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1. | 2024-04-12 | 5.8 | CVE-2024-30389 [email protected] [email protected] |
| juniper_networks — junos_os | An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2; This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4. | 2024-04-12 | 5.9 | CVE-2024-30401 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO. | 2024-04-12 | 5.9 | CVE-2024-30402 [email protected] [email protected] |
| juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved: * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO. | 2024-04-12 | 5.3 | CVE-2024-30409 [email protected] [email protected] |
| juniper_networks — junos_os | A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3, 21.2 versions before 21.2R2-S1, 21.2R3, 21.3 versions before 21.3R1-S2, 21.3R2. | 2024-04-12 | 4.8 | CVE-2024-30391 [email protected] [email protected] |
| juniper_networks — junos_ | An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. | 2024-04-12 | 5.8 | CVE-2024-30410 [email protected] [email protected] |
| junkcoder,_ristoniinemets — ajax_thumbnail_rebuild | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | 2024-04-11 | 4.3 | CVE-2022-47604 [email protected] |
| kekotron — ai_post_generator_|_autowriter | The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions. | 2024-04-09 | 6.3 | CVE-2024-1850 [email protected] [email protected] [email protected] |
| khl32 — font_farsi | The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-3093 [email protected] [email protected] |
| kurudrive — vk_all_in_one_expansion_unit | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content. | 2024-04-09 | 6.5 | CVE-2024-2093 [email protected] [email protected] [email protected] |
| kyivstarteam — react-native-sms-user-consent | A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508. | 2024-04-07 | 5.3 | CVE-2021-4438 [email protected] [email protected] [email protected] [email protected] [email protected] |
| leadinfo — leadinfo | Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0. | 2024-04-11 | 4.3 | CVE-2024-32112 [email protected] |
| leap13 — premium_addons_for_elementor | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0376 [email protected] [email protected] |
| leap13 — premium_addons_for_elementor | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2664 [email protected] [email protected] |
| leap13 — premium_addons_for_elementor | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.5 | CVE-2024-2665 [email protected] [email protected] |
| leap13 — premium_addons_for_elementor | The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin’s Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content. | 2024-04-10 | 5.4 | CVE-2024-2666 [email protected] [email protected] |
| leap13 — premium_addons_for_elementor | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor.This issue affects Premium Addons for Elementor: from n/a through 4.10.22. | 2024-04-10 | 4.3 | CVE-2024-31278 [email protected] |
| lifterlms — lifterlms | Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issue affects LifterLMS: from n/a through 7.5.0. | 2024-04-12 | 4.3 | CVE-2024-31363 [email protected] |
| link_whisper — link_whisper_free | Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.9. | 2024-04-11 | 4.3 | CVE-2024-31934 [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1458 [email protected] [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1461 [email protected] [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1464 [email protected] [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1465 [email protected] [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue. | 2024-04-09 | 6.4 | CVE-2024-1466 [email protected] [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget ‘_id’ attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2539 [email protected] [email protected] |
| livemesh — elementor_addons_by_livemesh | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2655 [email protected] [email protected] |
| lizardbyte — sunshine | Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability. | 2024-04-08 | 5.9 | CVE-2024-31221 [email protected] [email protected] [email protected] [email protected] |
| mailmunch — mailmunch_-_grow_your_email_list | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS.This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6. | 2024-04-07 | 6.5 | CVE-2024-31349 [email protected] |
| mark_stockton — quicksand_post_filter_jquery_plugin | Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | 2024-04-11 | 5.3 | CVE-2024-24850 [email protected] |
| matrix-org — matrix-appservice-irc | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don’t have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It’s possible to limit the amount of information leaked by setting a reply template that doesn’t contain the original message. See these lines `601-604` in the configuration file linked. | 2024-04-12 | 4.3 | CVE-2024-32000 [email protected] [email protected] [email protected] |
| mautic — mautic | Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available | 2024-04-10 | 5.3 | CVE-2024-2730 [email protected] |
| mautic — mautic | Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users’ names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5.4 | CVE-2024-2731 [email protected] |
| mautic — mautic | Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5 | CVE-2024-3448 [email protected] |
| max_foundry — media_library_folders | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.8. | 2024-04-10 | 6.5 | CVE-2024-31287 [email protected] |
| mbis — permalink_manager_lite | The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2738 [email protected] [email protected] [email protected] [email protected] |
| mbis — permalink_manager_lite | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_uri_editor’ function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. | 2024-04-09 | 4.3 | CVE-2024-2543 [email protected] [email protected] [email protected] |
| memberpress — memberpress | The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and ‘error’ parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note – the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances. | 2024-04-09 | 6.1 | CVE-2024-1412 [email protected] [email protected] |
| metagauss — profilegrid_ | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6. | 2024-04-07 | 4.3 | CVE-2024-31291 [email protected] |
| metagauss — profilegrid_ | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 2024-04-12 | 4.3 | CVE-2024-31362 [email protected] |
| metagauss — registrationmagic | Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | 2024-04-11 | 4.3 | CVE-2024-25935 [email protected] |
| metaslider — slider_gallery_and_carousel_by_metaslider_-_responsive_wordpress_slideshows | The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘metaslider’ shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3285 [email protected] [email protected] |
| michael_leithold — dsgvo_all_in_one_for_wp | Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3. | 2024-04-11 | 4.3 | CVE-2024-27967 [email protected] |
| micro.company — form_to_chat_app | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Micro.Company Form to Chat App allows Stored XSS.This issue affects Form to Chat App: from n/a through 1.1.6. | 2024-04-07 | 6.5 | CVE-2024-31258 [email protected] |
| microsoft — azure_arc_extension | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | 2024-04-09 | 6.2 | CVE-2024-28917 [email protected] |
| microsoft — azure_compute_gallery | Azure Compute Gallery Elevation of Privilege Vulnerability | 2024-04-09 | 6.5 | CVE-2024-21424 [email protected] |
| microsoft — azure_identity_library_for_.net | Azure Identity Library for .NET Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-29992 [email protected] |
| microsoft — azure_migrate | Azure Migrate Remote Code Execution Vulnerability | 2024-04-09 | 6.4 | CVE-2024-26193 [email protected] |
| microsoft — azure_private_5g_core | Azure Private 5G Core Denial of Service Vulnerability | 2024-04-09 | 5.9 | CVE-2024-20685 [email protected] |
| microsoft — microsoft_sharepoint_server_2019 | Microsoft SharePoint Server Spoofing Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26251 [email protected] |
| microsoft — windows_10_version_1809 | BitLocker Security Feature Bypass Vulnerability | 2024-04-09 | 6.1 | CVE-2024-20665 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-20669 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26168 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26171 [email protected] |
| microsoft — windows_10_version_1809 | Windows Kerberos Denial of Service Vulnerability | 2024-04-09 | 6.5 | CVE-2024-26183 [email protected] |
| microsoft — windows_10_version_1809 | Proxy Driver Spoofing Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26234 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26250 [email protected] |
| microsoft — windows_10_version_1809 | Windows rndismp6.sys Remote Code Execution Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26252 [email protected] |
| microsoft — windows_10_version_1809 | Windows rndismp6.sys Remote Code Execution Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26253 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.8 | CVE-2024-28897 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.3 | CVE-2024-28898 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28903 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28919 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28921 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.4 | CVE-2024-28923 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28924 [email protected] |
| microsoft — windows_10_version_1809 | Windows Hyper-V Denial of Service Vulnerability | 2024-04-09 | 6.2 | CVE-2024-29064 [email protected] |
| microsoft — windows_10_version_1809 | Windows DWM Core Library Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26172 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26207 [email protected] |
| microsoft — windows_10_version_1809 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26209 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26217 [email protected] |
| microsoft — windows_10_version_1809 | Windows Mobile Hotspot Information Disclosure Vulnerability | 2024-04-09 | 5 | CVE-2024-26220 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26255 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28900 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28901 [email protected] |
| microsoft — windows_10_version_1809 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28902 [email protected] |
| microsoft — windows_10_version_1809 | Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 4.1 | CVE-2024-28922 [email protected] |
| microsoft — windows_server_2019 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | 2024-04-09 | 6.5 | CVE-2024-26226 [email protected] |
| microsoft — windows_server_2019 | Windows Authentication Elevation of Privilege Vulnerability | 2024-04-09 | 4.3 | CVE-2024-29056 [email protected] |
| mndpsingh287 — file_manager | The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | 2024-04-09 | 6.8 | CVE-2024-2654 [email protected] [email protected] [email protected] |
| n/a — dedecms | A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 6.3 | CVE-2024-3685 [email protected] [email protected] [email protected] [email protected] |
| n/a — dedecms | A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 4.3 | CVE-2024-3686 [email protected] [email protected] [email protected] [email protected] |
| n/a — eyoucms | A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 4.7 | CVE-2024-3431 [email protected] [email protected] [email protected] [email protected] |
| n/a — freeipa | A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | 2024-04-10 | 5.3 | CVE-2024-1481 [email protected] [email protected] |
| n/a — mysql2 | Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | 2024-04-10 | 6.5 | CVE-2024-21507 [email protected] [email protected] [email protected] [email protected] |
| n/a — mysql2 | Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. | 2024-04-10 | 6.5 | CVE-2024-21509 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| n/a — qemu | A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. | 2024-04-10 | 5.5 | CVE-2024-3567 [email protected] [email protected] [email protected] |
| n/a — save_as_image_plugin_by_pdfcrowd | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS.This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1 . | 2024-04-11 | 5.9 | CVE-2024-31931 [email protected] |
| netentsec — ns-asg_application_security_gateway | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711. | 2024-04-08 | 6.3 | CVE-2024-3455 [email protected] [email protected] [email protected] [email protected] |
| netentsec — ns-asg_application_security_gateway | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712. | 2024-04-08 | 6.3 | CVE-2024-3456 [email protected] [email protected] [email protected] [email protected] |
| netentsec — ns-asg_application_security_gateway | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3457 [email protected] [email protected] [email protected] [email protected] |
| netentsec — ns-asg_application_security_gateway | A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3458 [email protected] [email protected] [email protected] [email protected] |
| nextendweb — smart_slider_3 | The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks. | 2024-04-13 | 6.4 | CVE-2024-3027 [email protected] [email protected] |
| nick_pelton — search_keyword_redirect | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS.This issue affects Search Keyword Redirect: from n/a through 1.0. | 2024-04-11 | 5.9 | CVE-2024-32080 [email protected] |
| nickboss — wordpress_file_upload | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2847 [email protected] [email protected] |
| ninjateam — wp_chat_app | The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageAlt’ block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2513 [email protected] [email protected] |
| nudgify — nudgify_social_proof,_sales_popup_&_fomo | Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | 2024-04-12 | 4.3 | CVE-2024-31239 [email protected] |
| nuknightlab — knight_lab_timeline | The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2287 [email protected] [email protected] |
| nvidia — chatrtx | NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users’ browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | 2024-04-08 | 6.5 | CVE-2024-0083 [email protected] |
| oceanwp — ocean_extra | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3167 [email protected] [email protected] [email protected] |
| octolize — usps_shipping_for_woocommerce_-_live_rates | Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. | 2024-04-10 | 4.3 | CVE-2024-31943 [email protected] |
| octolize — woocommerce_ups_shipping_-_live_rates_and_access_points | Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. | 2024-04-10 | 4.3 | CVE-2024-31944 [email protected] |
| open-telemetry — opentelemetry-dotnet | OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII – End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 4.1 | CVE-2024-32028 [email protected] [email protected] [email protected] |
| open-xchange_gmbh — ox_app_suite | RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known. | 2024-04-08 | 6.1 | CVE-2024-23192 [email protected] [email protected] [email protected] [email protected] |
| open-xchange_gmbh — ox_app_suite | Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23189 [email protected] [email protected] [email protected] [email protected] |
| open-xchange_gmbh — ox_app_suite | Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23190 [email protected] [email protected] [email protected] [email protected] |
| open-xchange_gmbh — ox_app_suite | Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23191 [email protected] [email protected] [email protected] [email protected] |
| opengnsys — opengnsys | Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored. | 2024-04-12 | 5.9 | CVE-2024-3706 [email protected] |
| opengnsys — opengnsys | Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. | 2024-04-12 | 5.3 | CVE-2024-3707 [email protected] |
| palo_alto_networks — pan-os | An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. | 2024-04-10 | 5.3 | CVE-2024-3386 [email protected] |
| palo_alto_networks — pan-os | A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. | 2024-04-10 | 5.3 | CVE-2024-3387 [email protected] |
| palo_alto_networks — pan-os | A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | 2024-04-10 | 4.1 | CVE-2024-3388 [email protected] |
| patrickposner — passster_-_password_protect_pages_and_content | The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2026 [email protected] [email protected] |
| pdfcrowd — save_as_pdf_plugin_by_pdfcrowd | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1 . | 2024-04-11 | 5.9 | CVE-2024-31930 [email protected] |
| peach_payments — peach_payments_gateway | Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | 2024-04-11 | 5.4 | CVE-2024-25922 [email protected] |
| peepso — community_by_peepso | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. | 2024-04-12 | 4.3 | CVE-2024-31251 [email protected] |
| pencidesign — soledad | Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 6.5 | CVE-2024-31368 [email protected] |
| pencidesign — soledad | Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 5.4 | CVE-2024-31369 [email protected] |
| phpbits_creative_studio — easy_login_styler_-_white_label_admin_login_page_for_wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. | 2024-04-07 | 5.9 | CVE-2024-31344 [email protected] |
| phpgurukul — small_crm | A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479. | 2024-04-12 | 6.3 | CVE-2024-3690 [email protected] [email protected] [email protected] [email protected] |
| pickplugins — accordion | The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘accordions_duplicate_post_as_draft’ function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts. | 2024-04-09 | 5.4 | CVE-2024-1641 [email protected] [email protected] [email protected] |
| ping_identity — pingfederate | Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests. | 2024-04-10 | 6.5 | CVE-2023-40148 [email protected] [email protected] |
| planet — igs-4215-16t2s | Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality. | 2024-04-11 | 6.4 | CVE-2024-2742 [email protected] |
| pluginsware — advanced_classifieds_&_directory_pro | The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads. | 2024-04-09 | 4.3 | CVE-2024-2222 [email protected] [email protected] [email protected] [email protected] |
| polevaultweb — intagrate_lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Polevaultweb Intagrate Lite allows Stored XSS.This issue affects Intagrate Lite: from n/a through 1.3.7. | 2024-04-11 | 5.9 | CVE-2024-31929 [email protected] |
| popup_likebox_team — popup_like_box | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2. | 2024-04-11 | 5.9 | CVE-2024-31387 [email protected] |
| prasunsen — watu_quiz | The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘watu-basic-chart’ shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0873 [email protected] [email protected] |
| prasunsen — watu_quiz | The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails. | 2024-04-09 | 4.3 | CVE-2024-0872 [email protected] [email protected] |
| princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-1041 [email protected] [email protected] |
| princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin’s settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. | 2024-04-10 | 6.4 | CVE-2024-1042 [email protected] [email protected] |
| propertyhive — propertyhive | Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9. | 2024-04-11 | 5.4 | CVE-2024-27985 [email protected] |
| psi-4ward — psitransfer | PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue. CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while the vulnerability with the number CVE-2024-31454 allows users to violate the integrity of a single file that is uploaded by another user by writing data there and not allows you to upload new files to the bucket. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. | 2024-04-09 | 6.5 | CVE-2024-31453 [email protected] [email protected] |
| psi-4ward — psitransfer | PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue. CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket. Violation of integrity at the level of individual files. While the vulnerability with the number CVE-2024-31453 allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. | 2024-04-09 | 6.5 | CVE-2024-31454 [email protected] [email protected] |
| puneethreddyhc — event_management | A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 5.5 | CVE-2024-3432 [email protected] [email protected] [email protected] |
| qodeinteractive — qi_addons_for_elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0826 [email protected] [email protected] [email protected] |
| rainbowgeek — seopress_-_on-site_seo | The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2165 [email protected] [email protected] |
| rankmath — rank_math_seo_with_ai_seo_tools | The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2536 [email protected] [email protected] |
| realmag777 — wolf_-_wordpress_posts_bulk_editor_and_manager_professional | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. | 2024-04-10 | 4.3 | CVE-2024-31430 [email protected] [email protected] |
| redisbloom — redisbloom | RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | 2024-04-09 | 5.5 | CVE-2024-25116 [email protected] [email protected] |
| relevanssi — relevanssi_-_a_better_search_(pro) | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS. | 2024-04-09 | 5.3 | CVE-2024-3213 [email protected] [email protected] [email protected] |
| relevanssi — relevanssi_-_a_better_search_(pro) | The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2024-04-09 | 5.8 | CVE-2024-3214 [email protected] [email protected] |
| repute_infosystems — arforms_form_builder | Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | 2024-04-12 | 6.3 | CVE-2024-31272 [email protected] |
| repute_infosystems — bookingpress | Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81. | 2024-04-07 | 4.3 | CVE-2024-31296 [email protected] |
| revolution_slider — slider_revolution | The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors. | 2024-04-09 | 6.4 | CVE-2024-2306 [email protected] [email protected] |
| rtcamp — transcoder | Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5. | 2024-04-12 | 4.3 | CVE-2024-31305 [email protected] |
| rubengc — gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress | The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2783 [email protected] [email protected] |
| saleor — saleor | Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`. | 2024-04-08 | 4.2 | CVE-2024-31205 [email protected] [email protected] |
| saleor — saleor | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-11 | 4.3 | CVE-2024-32105 [email protected] |
| saleswonder.biz_team — wp2leads | Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.This issue affects WP2LEADS: from n/a through 3.2.7. | 2024-04-08 | 5.4 | CVE-2024-31375 [email protected] |
| sap_se — sap_business_connector | The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side. | 2024-04-09 | 4.8 | CVE-2024-30214 [email protected] [email protected] |
| sap_se — sap_business_connector | The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. | 2024-04-09 | 4.8 | CVE-2024-30215 [email protected] [email protected] |
| sap_se — sap_group_reporting_data_collection_(enter_package_data) | SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization causing high impact on Integrity of the appliction. | 2024-04-09 | 6.5 | CVE-2024-28167 [email protected] [email protected] |
| sap_se — sap_netweaver_as_abap_and_abap_platform | The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. | 2024-04-09 | 6.5 | CVE-2024-30218 [email protected] [email protected] |
| sap_se — sap_netweaver | SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. | 2024-04-09 | 5.3 | CVE-2024-27898 [email protected] [email protected] |
| sap_se — sap_s/4_hana_(cash_management) | Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with ‘completed’ status affecting the integrity of the application. Confidentiality and Availability are not impacted. | 2024-04-09 | 4.3 | CVE-2024-30216 [email protected] [email protected] |
| sap_se — sap_s/4_hana_(cash_management) | Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. | 2024-04-09 | 4.3 | CVE-2024-30217 [email protected] [email protected] |
| saumya_majumder — wp_server_health_stats | Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3. | 2024-04-12 | 4.3 | CVE-2024-31250 [email protected] |
| sc0ttkclark — pods_-_custom_content_types_and_fields | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role). | 2024-04-09 | 4.3 | CVE-2023-6965 [email protected] [email protected] [email protected] |
| setriosoft — bizcalendar_web | The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-10 | 6.1 | CVE-2024-1780 [email protected] [email protected] |
| shopware — shopware | Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the User won’t be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on `CustomerLogoutEvent` and invalidates the session additionally. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround. | 2024-04-08 | 5.3 | CVE-2024-31447 [email protected] [email protected] [email protected] |
| shortpixel — shortpixel_adaptive_images | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. | 2024-04-10 | 5.3 | CVE-2024-31230 [email protected] |
| siemens — scalance_w1748-1_m12 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 2 “Abuse the queue for network disruptions” of CVE-2022-47522. Affected devices can be tricked into enabling its power-saving mechanisms for a victim client. This could allow a physically proximate attacker to execute disconnection and denial-of-service attacks. | 2024-04-09 | 6.1 | CVE-2024-30190 [email protected] |
| siemens — scalance_w721-1_rj45 | A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) (All versions), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) (All versions), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) (All versions), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) (All versions), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) (All versions). This CVE refers to Scenario 1 “Leak frames from the Wi-Fi queue” of CVE-2022-47522. Affected devices queue frames in order to subsequently change the security context and leak the queued frames. This could allow a physically proximate attacker to intercept (possibly cleartext) target-destined frames. | 2024-04-09 | 6.1 | CVE-2024-30189 [email protected] |
| siemens — simatic_pcs_7_v9.1 | A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | 2024-04-09 | 6.2 | CVE-2023-50821 [email protected] |
| sigstore — cosign | Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability. | 2024-04-10 | 4.2 | CVE-2024-29902 [email protected] [email protected] [email protected] [email protected] [email protected] |
| sigstore — cosign | Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability. | 2024-04-10 | 4.2 | CVE-2024-29903 [email protected] [email protected] [email protected] [email protected] [email protected] |
| silverks — graphene | The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source. | 2024-04-09 | 5.3 | CVE-2024-1984 [email protected] [email protected] |
| smub — easy_digital_downloads_-_sell_digital_files_&_subscriptions_(ecommerce_store_+_payments_made_easy) | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII. | 2024-04-09 | 5.3 | CVE-2024-2302 [email protected] [email protected] [email protected] |
| smub — wordpress_gallery_plugin_-_nextgen_gallery | The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. | 2024-04-09 | 5.3 | CVE-2024-3097 [email protected] [email protected] [email protected] [email protected] |
| soflyy — import_any_xml_or_csv_file_to_wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. | 2024-04-10 | 4.3 | CVE-2024-31939 [email protected] |
| softaculous — page_builder:_pagelayer_-_drag_and_drop_website_builder | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attr’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2504 [email protected] [email protected] [email protected] |
| someguy9 — lightweight_accordion | The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2436 [email protected] [email protected] [email protected] |
| sourcecodester — kortex_lite_advocate_office_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3617 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — kortex_lite_advocate_office_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3618 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — kortex_lite_advocate_office_management_system | A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275. | 2024-04-11 | 4.7 | CVE-2024-3619 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — kortex_lite_advocate_office_management_system | A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276. | 2024-04-11 | 4.7 | CVE-2024-3620 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — kortex_lite_advocate_office_management_system | A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3621 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — laundry_management_system | A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3445 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — laundry_management_system | A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3464 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — laundry_management_system | A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3465 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — laundry_management_system | A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747. | 2024-04-08 | 5.5 | CVE-2024-3466 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588. | 2024-04-07 | 6.3 | CVE-2024-3416 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3417 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3418 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591. | 2024-04-07 | 6.3 | CVE-2024-3419 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592. | 2024-04-07 | 6.3 | CVE-2024-3420 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3421 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3422 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595. | 2024-04-07 | 6.3 | CVE-2024-3423 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596. | 2024-04-07 | 6.3 | CVE-2024-3424 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — online_courseware | A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3425 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3436 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3441 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695. | 2024-04-08 | 6.3 | CVE-2024-3442 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631. | 2024-04-08 | 4.7 | CVE-2024-3437 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability. | 2024-04-08 | 4.7 | CVE-2024-3440 [email protected] [email protected] [email protected] [email protected] |
| spwebguy — responsive_tabs | The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3514 [email protected] [email protected] [email protected] [email protected] |
| stacklok — minder | Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. | 2024-04-09 | 4.3 | CVE-2024-31455 [email protected] [email protected] [email protected] [email protected] |
| staxwp — elementor_addons_widgets_and_enhancements_-_stax | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Heading’ widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3064 [email protected] [email protected] |
| stephanie_leary — convert_post_types | Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types.This issue affects Convert Post Types: from n/a through 1.4. | 2024-04-11 | 4.3 | CVE-2024-32108 [email protected] |
| stiofansisland — userswp_-_front-end_login_form,_user_registration_user_profile_&_members_directory_plugin_for_wordpress | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2423 [email protected] [email protected] [email protected] |
| strangerstudios — paid_memberships_pro_-_content_restriction_user_registration_&_paid_subscriptions | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-04-09 | 4.3 | CVE-2024-0588 [email protected] [email protected] |
| stylemix — masterstudy_lms_wordpress_plugin__for_online_courses_and_education | The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts. | 2024-04-09 | 4.3 | CVE-2024-1904 [email protected] [email protected] |
| supportcandy — supportcandy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3. | 2024-04-11 | 6.5 | CVE-2024-27991 [email protected] |
| supsystic — easy_google_maps | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. | 2024-04-12 | 4.3 | CVE-2024-31269 [email protected] |
| supsystic — ultimate_maps_by_supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | 2024-04-12 | 4.3 | CVE-2024-31271 [email protected] |
| tausworks — global_elementor_buttons | The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2327 [email protected] [email protected] |
| tbk — dvr-4104 | A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576. | 2024-04-13 | 6.3 | CVE-2024-3737 [email protected] [email protected] [email protected] [email protected] |
| tbk –dvr-4104 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. | 2024-04-13 | 6.3 | CVE-2024-3721 [email protected] [email protected] [email protected] [email protected] |
| techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. | 2024-04-09 | 6.5 | CVE-2024-1352 [email protected] [email protected] [email protected] |
| the_moneytizer — the_moneytizer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Moneytizer allows Stored XSS.This issue affects The Moneytizer: from n/a through 9.5.20. | 2024-04-11 | 6.5 | CVE-2024-27990 [email protected] |
| the_tcpdump_group — tcpdump | Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. | 2024-04-12 | 6.2 | CVE-2024-2397 [email protected] |
| theeventscalendar — event_tickets_and_registration | The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. | 2024-04-09 | 4.3 | CVE-2024-2261 [email protected] [email protected] |
| thehappymonster — happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1498 [email protected] [email protected] [email protected] |
| thehappymonster — happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2787 [email protected] [email protected] |
| thehappymonster — happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2788 [email protected] [email protected] |
| thehappymonster — happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2789 [email protected] [email protected] |
| thehappymonster — happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 5.4 | CVE-2024-2786 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| thehappymonster — happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure. | 2024-04-09 | 4.3 | CVE-2024-1387 [email protected] [email protected] [email protected] |
| themefusion — avada_|_website_builder_for_wordpress_&_woocommerce | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2311 [email protected] [email protected] [email protected] [email protected] [email protected] |
| themefusion — avada_|_website_builder_for_wordpress_&_woocommerce | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 6.4 | CVE-2024-2343 [email protected] [email protected] [email protected] |
| themefusion — avada_|_website_builder_for_wordpress_&_woocommerce | The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the ‘/wp-content/uploads/fusion-forms/’ directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. | 2024-04-09 | 5.3 | CVE-2024-2340 [email protected] [email protected] |
| themeisle — multiple_page_generator_plugin_-_mpg | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | 2024-04-12 | 5.4 | CVE-2024-31301 [email protected] |
| themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2226 [email protected] [email protected] |
| themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3343 [email protected] [email protected] |
| themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3344 [email protected] [email protected] |
| themeisle — rss_aggregator_by_feedzy_-_feed_to_post_autoblogging_news_&_youtube_video_feeds_aggregator | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-07 | 6.4 | CVE-2023-6877 [email protected] [email protected] |
| themepoints — testimonials | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5. | 2024-04-07 | 6.5 | CVE-2024-31348 [email protected] |
| themepunch — essential_grid_gallery_wordpress_plugin | The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. | 2024-04-10 | 5.3 | CVE-2024-3235 [email protected] [email protected] |
| themesgrove — all-in-one_addons_for_elementor_-_widgetkit | The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-12 | 6.4 | CVE-2024-2137 [email protected] [email protected] |
| thimpress — learnpress_-_wordpress_lms_plugin | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed. | 2024-04-09 | 6.5 | CVE-2024-1289 [email protected] [email protected] |
| thimpress — learnpress_-_wordpress_lms_plugin | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 4.4 | CVE-2024-1463 [email protected] [email protected] |
| tianwell — fire_intelligent_command_platform | A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572. | 2024-04-13 | 6.3 | CVE-2024-3720 [email protected] [email protected] [email protected] [email protected] |
| totalpressorg — custom_post_types_custom_fields_&_more | The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6993 [email protected] [email protected] |
| tribulant — slideshow_gallery | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-10 | 5.3 | CVE-2024-31353 [email protected] |
| tribulant — slideshow_gallery | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-12 | 4.3 | CVE-2024-31354 [email protected] |
| varun_kumar — easy_logo | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Varun Kumar Easy Logo allows Stored XSS.This issue affects Easy Logo: from n/a through 1.9.3. | 2024-04-11 | 5.9 | CVE-2024-32083 [email protected] |
| visitor_analytics — twipla_(visitor_analytics_io) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS.This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0. | 2024-04-11 | 5.9 | CVE-2024-31937 [email protected] |
| vjinfotech — wp_import_export_lite | Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26. | 2024-04-07 | 4.4 | CVE-2024-31308 [email protected] |
| wangshen — secgate_3600 | A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability. | 2024-04-08 | 4.7 | CVE-2024-3444 [email protected] [email protected] [email protected] [email protected] |
| webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1424 [email protected] [email protected] |
| webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘give_form’ shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-13 | 6.4 | CVE-2024-1957 [email protected] [email protected] |
| webfactory — wp_reset_-_most_advanced_wordpress_reset_tool | The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames. | 2024-04-09 | 5.9 | CVE-2023-6799 [email protected] [email protected] |
| webtechstreet — elementor_addon_elements | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.5 | CVE-2024-2792 [email protected] [email protected] [email protected] [email protected] [email protected] |
| webtoffee — wordpress_comments_import_&_export | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. | 2024-04-12 | 4.3 | CVE-2024-31235 [email protected] |
| wen_themes — wen_responsive_columns | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2. | 2024-04-11 | 6.5 | CVE-2024-27988 [email protected] |
| woocommerce — woocommerce_shipping_per_product | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | 2024-04-12 | 4.3 | CVE-2023-51499 [email protected] |
| wp_compress — wp_compress_-_image_optimizer_[all-in-one] | Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One].This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. | 2024-04-11 | 4.3 | CVE-2024-32106 [email protected] |
| wp_darko — top_bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Top Bar allows Stored XSS.This issue affects Top Bar: from n/a through 3.0.5. | 2024-04-11 | 5.9 | CVE-2024-31928 [email protected] |
| wp_enhanced — free_downloads_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS.This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2. | 2024-04-11 | 6.5 | CVE-2024-27969 [email protected] |
| wp_oauth_server — oauth_server | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3. | 2024-04-10 | 4.7 | CVE-2024-31253 [email protected] |
| wp_royal — royal_elementor_addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.93. | 2024-04-07 | 6.5 | CVE-2024-31236 [email protected] |
| wp_swings — points_and_rewards_for_woocommerce | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | 2024-04-11 | 5.4 | CVE-2023-27607 [email protected] |
| wpcalc — modal_window_-_create_popup_modal_window | The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2457 [email protected] [email protected] |
| wpclever — wpc_smart_quick_view_for_woocommerce | The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-13 | 4.4 | CVE-2023-6494 [email protected] [email protected] |
| wpcloudgallery — wordpress_gallery_exporter | Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3. | 2024-04-10 | 6.5 | CVE-2024-31342 [email protected] |
| wpdeveloper — essential_blocks_for_gutenberg | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3. | 2024-04-07 | 6.5 | CVE-2024-31306 [email protected] |
| wpdevteam — betterdocs_-_best_documentation_faq_&_knowledge_base_plugin_with_ai_support_&_instant_answer_for_elementor_&_gutenberg | The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2845 [email protected] [email protected] |
| wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos,_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’embedpress_calendar’ shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3244 [email protected] [email protected] [email protected] |
| wpdevteam — essential_addons_for_elementor_-_best_elementor_templates_widgets_kits_&_woocommerce_builders | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2650 [email protected] [email protected] |
| wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget’s message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2623 [email protected] [email protected] [email protected] |
| wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts. | 2024-04-09 | 5.3 | CVE-2024-2974 [email protected] [email protected] |
| wpgmaps — wp_go_maps_(formerly_wp_google_maps) | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer’s Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin. | 2024-04-09 | 5.3 | CVE-2023-6777 [email protected] [email protected] |
| wpkube — subscribe_to_comments_reloaded | Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | 2024-04-10 | 5.3 | CVE-2024-31249 [email protected] |
| wpmudev — forminator_-_contact_form_payment_form_&_custom_form_builder | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3053 [email protected] [email protected] |
| wpzoom — beaver_builder_addons_by_wpzoom | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2181 [email protected] [email protected] |
| wpzoom — beaver_builder_addons_by_wpzoom | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue. | 2024-04-09 | 6.4 | CVE-2024-2183 [email protected] [email protected] |
| wpzoom — beaver_builder_addons_by_wpzoom | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2185 [email protected] [email protected] |
| wpzoom — beaver_builder_addons_by_wpzoom | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2186 [email protected] [email protected] |
| wpzoom — beaver_builder_addons_by_wpzoom | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2187 [email protected] [email protected] |
| wpzoom — wpzoom_social_feed_widget_&_block | The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site. | 2024-04-13 | 4.3 | CVE-2024-3662 [email protected] [email protected] |
| xiamen_four-faith — rmp_router_management_platform | A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 6.3 | CVE-2024-3688 [email protected] [email protected] [email protected] [email protected] |
| xlplugins — finale_lite | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. | 2024-04-11 | 4.3 | CVE-2024-32107 [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it’s possible for an attacker to have access to the hash password of a user if they have rights to edit the users’ page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those usecases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling-back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which have in its history a revision where the object has been deleted should be considered at risk and the password should be changed there. a diff, to ensure it’s not coming from a password field. As another mitigation, admins should ensure that the user pages are properly protected: the edit right shouldn’t be allowed for other users than Admin and owner of the profile (which is the default right). There is not much workaround possible for a privileged user other than upgrading XWiki. | 2024-04-10 | 6.8 | CVE-2024-31464 [email protected] [email protected] [email protected] [email protected] [email protected] |
| xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page. | 2024-04-10 | 5.4 | CVE-2024-31985 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| xylus_themes — wp_event_aggregator | Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6. | 2024-04-12 | 4.3 | CVE-2024-31371 [email protected] |
| yith — yith_woocommerce_gift_cards_premium | Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | 2024-04-11 | 6.5 | CVE-2022-44633 [email protected] |
| zaytech — smart_online_order_for_clover | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5. | 2024-04-12 | 5.4 | CVE-2024-31238 [email protected] |
| zoom_video_communications_inc. — zoom_desktop_client_for_linux | Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. | 2024-04-09 | 4.1 | CVE-2024-27242 [email protected] |
| zoom_video_communications_inc. — zoom_desktop_client_for_macos | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | 2024-04-09 | 5.5 | CVE-2024-27247 [email protected] |
| zoom_video_communications_inc. — zoom_desktop_client_for_windows | Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | 2024-04-09 | 5.9 | CVE-2024-24694 [email protected] |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| authzed — spicedb | SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for either `folder` or `folder#parent`. This bug only manifests if the same subject type is used multiple types in a relation, relationships exist for both subject types and an arrow is used over the relation. Any user making a negative authorization decision based on the results of a LookupSubjects request with version before v1.30.1 is affected. Version 1.30.1 contains a patch for the issue. As a workaround, avoid using LookupSubjects for negative authorization decisions and/or avoid using the broken schema. | 2024-04-10 | 2.2 | CVE-2024-32001 [email protected] [email protected] [email protected] |
| bihell–dice | A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability. | 2024-04-12 | 3.5 | CVE-2024-3687 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259911. | 2024-04-10 | 3.5 | CVE-2024-3541 [email protected] [email protected] [email protected] [email protected] |
| campcodes — church_management_system | A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259912. | 2024-04-10 | 3.5 | CVE-2024-3542 [email protected] [email protected] [email protected] [email protected] |
| campcodes — complete_online_student_management_system | A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file units_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259898 is the identifier assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3528 [email protected] [email protected] [email protected] [email protected] |
| campcodes — complete_online_student_management_system | A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been classified as problematic. This affects an unknown part of the file students_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259899. | 2024-04-10 | 3.5 | CVE-2024-3529 [email protected] [email protected] [email protected] [email protected] |
| campcodes — complete_online_student_management_system | A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259900. | 2024-04-10 | 3.5 | CVE-2024-3530 [email protected] [email protected] [email protected] [email protected] |
| campcodes — complete_online_student_management_system | A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259901 was assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3531 [email protected] [email protected] [email protected] [email protected] |
| campcodes — complete_online_student_management_system | A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259902 is the identifier assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3532 [email protected] [email protected] [email protected] [email protected] |
| campcodes — complete_online_student_management_system | A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259903. | 2024-04-10 | 3.5 | CVE-2024-3533 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_event_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895. | 2024-04-10 | 3.5 | CVE-2024-3524 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_event_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896. | 2024-04-10 | 3.5 | CVE-2024-3525 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_event_management_system | A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3526 [email protected] [email protected] [email protected] [email protected] |
| contao — contao | Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character. | 2024-04-09 | 3.1 | CVE-2024-28191 [email protected] [email protected] [email protected] [email protected] |
| gamerz — wp-postratings | A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability. | 2024-04-08 | 3.5 | CVE-2011-10006 [email protected] [email protected] [email protected] [email protected] [email protected] |
| hcl_software– dryicec_myxalytics | HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. | 2024-04-10 | 3.7 | CVE-2023-50347 [email protected] |
| N/A — qksms | A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259611. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 2.4 | CVE-2024-3430 [email protected] [email protected] [email protected] [email protected] |
| N/A — smart_office | A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-13 | 3.7 | CVE-2024-3735 [email protected] [email protected] [email protected] [email protected] |
| namithjawahar– wp-insert | A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628. | 2024-04-08 | 3.5 | CVE-2014-125111 [email protected] [email protected] [email protected] |
| puneethreddyhc– eventmanagement | A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to launch the attack remotely. VDB-259614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 3.5 | CVE-2024-3433 [email protected] [email protected] [email protected] [email protected] |
| siemens — parasolid_v35.1 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition. | 2024-04-09 | 3.3 | CVE-2024-26276 [email protected] |
| siemens — parasolid_v35.1 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-04-09 | 3.3 | CVE-2024-26277 [email protected] |
| sourcecodester — computer-laboratory_management_system | A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability. | 2024-04-12 | 3.5 | CVE-2024-3695 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — laundry_management_system | A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744. | 2024-04-08 | 3.5 | CVE-2024-3463 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — prison_management_system | A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696. | 2024-04-08 | 3.5 | CVE-2024-3443 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester– online_courseware | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability. | 2024-04-07 | 3.5 | CVE-2024-3426 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester– online_courseware | A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599. | 2024-04-07 | 3.5 | CVE-2024-3427 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester– online_courseware | A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600. | 2024-04-07 | 3.5 | CVE-2024-3428 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester–warehouse_management_system | A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260269 was assigned to this vulnerability. | 2024-04-11 | 3.5 | CVE-2024-3612 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester–warehouse_management_system | A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/notelp_supplier leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260270 is the identifier assigned to this vulnerability. | 2024-04-11 | 3.5 | CVE-2024-3613 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester–warehouse_management_system | A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260271. | 2024-04-11 | 3.5 | CVE-2024-3614 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester–warehouse_management_system | A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272. | 2024-04-11 | 3.5 | CVE-2024-3616 [email protected] [email protected] [email protected] [email protected] |
| sumome — sumo | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | 2024-04-12 | 3.7 | CVE-2024-31265 [email protected] |
| webtoffee — wordpress_backup_&_migration | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | 2024-04-10 | 3.7 | CVE-2024-31254 [email protected] |
| zhejiang_land_zongheng_network_technology–o2oa | A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 3.7 | CVE-2024-3689 [email protected] [email protected] [email protected] [email protected] |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aimhubio — aimhubio/aim | A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise. | 2024-04-10 | not yet calculated | CVE-2024-2195 [email protected] |
| aimhubio — aimhubio/aim | aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user’s consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation. | 2024-04-10 | not yet calculated | CVE-2024-2196 [email protected] |
| apache_software_foundation — apache_kafka | While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal. When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct. The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain). The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period. | 2024-04-12 | not yet calculated | CVE-2024-27309 [email protected] |
| apache_software_foundation — apache_solr_operator | Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the “solr” and “admin” accounts for use by end-users, and a “k8s-oper” account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr’s health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes “event” containing the username and password of the “k8s-oper” account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests. Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`. | 2024-04-12 | not yet calculated | CVE-2024-31391 [email protected] |
| apache_software_foundation — apache_traffic_server | HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue. | 2024-04-10 | not yet calculated | CVE-2024-31309 [email protected] [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin_sap | Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-04-09 | not yet calculated | CVE-2022-47894 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | 2024-04-09 | not yet calculated | CVE-2021-28656 [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31860 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin. The attackers can use Shell interpreter as a code generation gateway, and execute the generated code as a normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which doesn’t have Shell interpreter by default. | 2024-04-11 | not yet calculated | CVE-2024-31861 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin’s UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31862 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31863 [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31864 [email protected] [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31865 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31866 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31867 [email protected] [email protected] |
| apache_software_foundation — apache_zeppelin | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31868 [email protected] [email protected] |
| berriai — berriai/litellm | BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server. | 2024-04-10 | not yet calculated | CVE-2024-2952 [email protected] |
| devolutions — server | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request. | 2024-04-09 | not yet calculated | CVE-2024-2918 [email protected] |
| devolutions — server | Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. | 2024-04-09 | not yet calculated | CVE-2024-3545 [email protected] |
| furuno_systems_co-ltd — acera_9010-08 | The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration. | 2024-04-08 | not yet calculated | CVE-2024-28744 [email protected] [email protected] |
| gaizhenbiao — gaizhenbiao/chuanhuchatgpt | gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application’s handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | 2024-04-10 | not yet calculated | CVE-2024-2217 [email protected] [email protected] |
| google — chrome | Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) | 2024-04-10 | not yet calculated | CVE-2024-3157 [email protected] [email protected] [email protected] [email protected] |
| google — chrome | Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-04-10 | not yet calculated | CVE-2024-3515 [email protected] [email protected] [email protected] [email protected] |
| google — chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-04-10 | not yet calculated | CVE-2024-3516 [email protected] [email protected] [email protected] [email protected] |
| gradio-app — gradio-app/gradio | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server. | 2024-04-10 | not yet calculated | CVE-2024-1728 [email protected] [email protected] |
| hp_inc. — poly_ccx_devices | A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. | 2024-04-09 | not yet calculated | CVE-2024-3281 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52537 [email protected] [email protected] |
| huawei — harmonyos | Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52539 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52540 [email protected] [email protected] |
| huawei — harmonyos | Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52541 [email protected] [email protected] |
| huawei — harmonyos | Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52542 [email protected] [email protected] |
| huawei — harmonyos | Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52543 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52544 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52545 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52546 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52549 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52550 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52551 [email protected] [email protected] |
| huawei — harmonyos | Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52552 [email protected] [email protected] |
| huawei — harmonyos | Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52553 [email protected] [email protected] |
| huawei — harmonyos | Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52554 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 2024-04-07 | not yet calculated | CVE-2023-52713 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2023-52714 [email protected] [email protected] |
| huawei — harmonyos | The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. | 2024-04-07 | not yet calculated | CVE-2023-52715 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2023-52716 [email protected] [email protected] |
| huawei — harmonyos | Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2023-52717 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52359 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write. | 2024-04-08 | not yet calculated | CVE-2023-52364 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of improper control over foreground service notifications in the notification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2023-52382 [email protected] [email protected] |
| huawei — harmonyos | Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52385 [email protected] [email protected] |
| huawei — harmonyos | Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52386 [email protected] [email protected] |
| huawei — harmonyos | Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52388 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | 2024-04-08 | not yet calculated | CVE-2024-27895 [email protected] [email protected] |
| huawei — harmonyos | Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | 2024-04-08 | not yet calculated | CVE-2024-27896 [email protected] [email protected] |
| huawei — harmonyos | Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2024-27897 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30413 [email protected] [email protected] |
| huawei — harmonyos | Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2024-30414 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30415 [email protected] [email protected] |
| huawei — harmonyos | Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30416 [email protected] [email protected] |
| huawei — harmonyos | Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2024-30417 [email protected] [email protected] |
| huawei — harmonyos | Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30418 [email protected] [email protected] |
| huggingface — huggingface/transformers | The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. | 2024-04-10 | not yet calculated | CVE-2024-3568 [email protected] [email protected] |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | 2024-04-10 | not yet calculated | CVE-2021-47181 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer length larger than 255. 2) If scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero filled with these increased values, thus corrupting the memory following the buffer. Fix these 2 problems by using put_unaligned_be16() to set the allocation length field of MODE SENSE(10) CDB and by returning an error when len is too small. Furthermore, if len is larger than 255B, always try MODE SENSE(10) first, even if the device driver did not set sdev->use_10_for_ms. In case of invalid opcode error for MODE SENSE(10), access to mode pages larger than 255 bytes are not retried using MODE SENSE(6). To avoid buffer length overflows for the MODE_SENSE(10) case, check that len is smaller than 65535 bytes. While at it, also fix the folowing: * Use get_unaligned_be16() to retrieve the mode data length and block descriptor length fields of the mode sense reply header instead of using an open coded calculation. * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable Block Descriptor, which is the opposite of what the dbd argument description was. | 2024-04-10 | not yet calculated | CVE-2021-47182 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated “2878” log messages. The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set the link state to down. Thus the driver is sending the Abort with the expectation that an ABTS will be sent on the wire. The Abort request is stalled waiting for the link to come up. In some conditions the driver may auto-complete the ELSs thus if the link does come up, the Abort completions may reference an invalid structure. Fix by ensuring that Abort set the flag to avoid link traffic if issued due to conditions where the link failed. | 2024-04-10 | not yet calculated | CVE-2021-47183 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to sync this thread with sync filters subtask. Without this patch it is possible to start update the VSI filter list after VSI is removed, that’s causing a kernel oops. | 2024-04-10 | not yet calculated | CVE-2021-47184 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound flush_to_ldisc Call trace: dump_backtrace+0x0/0x1ec show_stack+0x24/0x30 dump_stack+0xd0/0x128 panic+0x15c/0x374 watchdog_timer_fn+0x2b8/0x304 __run_hrtimer+0x88/0x2c0 __hrtimer_run_queues+0xa4/0x120 hrtimer_interrupt+0xfc/0x270 arch_timer_handler_phys+0x40/0x50 handle_percpu_devid_irq+0x94/0x220 __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x84/0xfc el1_irq+0xc8/0x180 slip_unesc+0x80/0x214 [slip] tty_ldisc_receive_buf+0x64/0x80 tty_port_default_receive_buf+0x50/0x90 flush_to_ldisc+0xbc/0x110 process_one_work+0x1d4/0x4b0 worker_thread+0x180/0x430 kthread+0x11c/0x120 In the testcase pty04, The first process call the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue running in different core, the sender sends data fastly in full time which will result in workqueue doing work in loop for a long time and occuring softlockup in flush_to_ldisc with kernel configured without preempt. So I add need_resched check and cond_resched in the flush_to_ldisc loop to avoid it. | 2024-04-10 | not yet calculated | CVE-2021-47185 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1]. [1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58 | 2024-04-10 | not yet calculated | CVE-2021-47186 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: first of all, for all of them the timings were written for CPU sleep but the min-residency-us param was miscalculated (supposedly, while porting this from downstream); Then, the power collapse states are setting PC on both the CPU cluster *and* the L2 cache, which have different timings: in the specific case of L2 the times are higher so these ones should be taken into account instead of the CPU ones. This parameter misconfiguration was not giving particular issues because on MSM8998 there was no CPU scaling at all, so cluster/L2 power collapse was rarely (if ever) hit. When CPU scaling is enabled, though, the wrong timings will produce SoC unstability shown to the user as random, apparently error-less, sudden reboots and/or lockups. This set of parameters are stabilizing the SoC when CPU scaling is ON and when power collapse is frequently hit. | 2024-04-10 | not yet calculated | CVE-2021-47187 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler. | 2024-04-10 | not yet calculated | CVE-2021-47188 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren’t guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don’t guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is seen as non-null in async_cow_submit which causes submit_compressed_extents to be called and crash occurs because async_chunk::inode suddenly became NULL. The call trace was similar to: pc : submit_compressed_extents+0x38/0x3d0 lr : async_cow_submit+0x50/0xd0 sp : ffff800015d4bc20 <registers omitted for brevity> Call trace: submit_compressed_extents+0x38/0x3d0 async_cow_submit+0x50/0xd0 run_ordered_work+0xc8/0x280 btrfs_work_helper+0x98/0x250 process_one_work+0x1f0/0x4ac worker_thread+0x188/0x504 kthread+0x110/0x114 ret_from_fork+0x10/0x18 Fix this by adding respective barrier calls which ensure that all accesses preceding setting of WORK_DONE_BIT are strictly ordered before setting the flag. At the same time add a read barrier after reading of WORK_DONE_BIT in run_ordered_work which ensures all subsequent loads would be strictly ordered after reading the bit. This in turn ensures are all accesses before WORK_DONE_BIT are going to be strictly ordered before any access that can occur in ordered_func. | 2024-04-10 | not yet calculated | CVE-2021-47189 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn’t insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn’t happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn’t affect anything as the result is never checked. | 2024-04-10 | not yet calculated | CVE-2021-47190 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e– guessing data in; [ 3813.830724] program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0 [ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549 [ 3813.846612] Call Trace: [ 3813.846995] dump_stack+0x108/0x15f [ 3813.847524] print_address_description+0xa5/0x372 [ 3813.848243] kasan_report.cold+0x236/0x2a8 [ 3813.849439] check_memory_region+0x240/0x270 [ 3813.850094] memcpy+0x30/0x80 [ 3813.850553] sg_copy_buffer+0x157/0x1e0 [ 3813.853032] sg_copy_from_buffer+0x13/0x20 [ 3813.853660] fill_from_dev_buffer+0x135/0x370 [ 3813.854329] resp_readcap16+0x1ac/0x280 [ 3813.856917] schedule_resp+0x41f/0x1630 [ 3813.858203] scsi_debug_queuecommand+0xb32/0x17e0 [ 3813.862699] scsi_dispatch_cmd+0x330/0x950 [ 3813.863329] scsi_request_fn+0xd8e/0x1710 [ 3813.863946] __blk_run_queue+0x10b/0x230 [ 3813.864544] blk_execute_rq_nowait+0x1d8/0x400 [ 3813.865220] sg_common_write.isra.0+0xe61/0x2420 [ 3813.871637] sg_write+0x6c8/0xef0 [ 3813.878853] __vfs_write+0xe4/0x800 [ 3813.883487] vfs_write+0x17b/0x530 [ 3813.884008] ksys_write+0x103/0x270 [ 3813.886268] __x64_sys_write+0x77/0xc0 [ 3813.886841] do_syscall_64+0x106/0x360 [ 3813.887415] entry_SYSCALL_64_after_hwframe+0x44/0xa9 This issue can be reproduced with the following syzkaller log: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)=’./file0\x00′, 0x26e1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)=’fd/3\x00′) open_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40782) write$binfmt_aout(r2, &(0x7f0000000340)=ANY=[@ANYBLOB=”00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d”], 0x126) In resp_readcap16() we get “int alloc_len” value -1104926854, and then pass the huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This leads to OOB in sg_copy_buffer(). To solve this issue, define alloc_len as u32. | 2024-04-10 | not yet calculated | CVE-2021-47191 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 (“scsi: core: Fix capacity set to zero after offlinining device”) The problem is that after iSCSI recovery, iscsid will call into the kernel to set the dev’s state to running, and with that patch we now call scsi_rescan_device() with the state_mutex held. If the SCSI error handler thread is just starting to test the device in scsi_send_eh_cmnd() then it’s going to try to grab the state_mutex. We are then stuck, because when scsi_rescan_device() tries to send its I/O scsi_queue_rq() calls -> scsi_host_queue_ready() -> scsi_host_in_recovery() which will return true (the host state is still in recovery) and I/O will just be requeued. scsi_send_eh_cmnd() will then never be able to grab the state_mutex to finish error handling. To prevent the deadlock move the rescan-related code to after we drop the state_mutex. This also adds a check for if we are already in the running state. This prevents extra scans and helps the iscsid case where if the transport class has already onlined the device during its recovery process then we don’t need userspace to do it again plus possibly block that daemon. | 2024-04-10 | not yet calculated | CVE-2021-47192 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed. | 2024-04-10 | not yet calculated | CVE-2021-47193 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. | 2024-04-10 | not yet calculated | CVE-2021-47194 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 (“spi: Fix deadlock when adding SPI controllers on SPI buses”) introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock(). | 2024-04-10 | not yet calculated | CVE-2021-47195 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib] Write of size 8 at addr ffff8880064c55c0 by task a.out/246 CPU: 0 PID: 246 Comm: a.out Not tainted 5.15.0+ #291 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x83/0xdf create_qp.cold+0x164/0x16e [mlx5_ib] mlx5_ib_create_qp+0x358/0x28a0 [mlx5_ib] create_qp.part.0+0x45b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 246: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0xa4/0xd0 create_qp.part.0+0x92/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 246: kasan_save_stack+0x1b/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x20/0x30 __kasan_slab_free+0x10c/0x150 slab_free_freelist_hook+0xb4/0x1b0 kfree+0xe7/0x2a0 create_qp.part.0+0x52b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae | 2024-04-10 | not yet calculated | CVE-2021-47196 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations. mlx5_core_destroy_cq() could be called again by user and cause additional call of mlx5_debug_cq_remove(). cq->dbg was not nullify in previous call and cause the crash. Fix it by nullify cq->dbg pointer after removal. Also proceed to destroy operations only if FW return 0 for MLX5_CMD_OP_DESTROY_CQ command. general protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI CPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:lockref_get+0x1/0x60 Code: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02 00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 <48> 8b 17 48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48 RSP: 0018:ffff888137dd7a38 EFLAGS: 00010206 RAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe RDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058 RBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000 R13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0 FS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0 Call Trace: simple_recursive_removal+0x33/0x2e0 ? debugfs_remove+0x60/0x60 debugfs_remove+0x40/0x60 mlx5_debug_cq_remove+0x32/0x70 [mlx5_core] mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core] devx_obj_cleanup+0x151/0x330 [mlx5_ib] ? __pollwait+0xd0/0xd0 ? xas_load+0x5/0x70 ? xa_load+0x62/0xa0 destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs] uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs] uobj_destroy+0x54/0xa0 [ib_uverbs] ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs] ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs] ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs] __x64_sys_ioctl+0x3e4/0x8e0 | 2024-04-10 | not yet calculated | CVE-2021-47197 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: “KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b” The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login(). | 2024-04-10 | not yet calculated | CVE-2021-47198 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow’s original mod actions in order to clear the registers which hold ct_state. When such flow also includes encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state until the max of mod hdr actions is reached. Also the driver never releases the allocated mod hdr actions and causing a memleak. Fix above two issues by moving CT clear mod acts allocation into the parsing actions phase and only use it when offloading the rule. The release of mod acts will be done in the normal flow_put(). backtrace: [<000000007316e2f3>] krealloc+0x83/0xd0 [<00000000ef157de1>] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core] [<00000000970ce4ae>] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core] [<0000000067c5fa17>] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core] [<00000000d032eb98>] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core] [<00000000fd23b869>] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core] [<000000004fc24acc>] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core] [<00000000dc741c17>] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core] [<00000000e92e49d7>] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core] [<00000000f60f5602>] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core] | 2024-04-10 | not yet calculated | CVE-2021-47199 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object’s refcount == 1 on entry to drm_gem_prime_mmap(), that drop will free the gem object, and the subsequent drm_gem_object_get() will be a UAF. Fix by grabbing a reference before calling the mmap helper. This issue was forseen when the reference dropping was adding in commit 9786b65bc61ac (“drm/ttm: fix mmap refcounting”): “For that to work properly the drm_gem_object_get() call in drm_gem_ttm_mmap() must be moved so it happens before calling obj->funcs->mmap(), otherwise the gem refcount would go down to zero.” | 2024-04-10 | not yet calculated | CVE-2021-47200 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_vf(). This resolves a panic encountered when the interface is disabled and then later brought up again after PF communication is restored. | 2024-04-10 | not yet calculated | CVE-2021-47201 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn’t probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp … Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 … Call trace: of_thermal_set_trip_temp+0x40/0xc4 trip_point_temp_store+0xc0/0x1dc dev_attr_store+0x38/0x88 sysfs_kf_write+0x64/0xc0 kernfs_fop_write_iter+0x108/0x1d0 vfs_write+0x2f4/0x368 ksys_write+0x7c/0xec __arm64_sys_write+0x20/0x30 el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc do_el0_svc+0x28/0xa0 el0_svc+0x14/0x24 el0_sync_handler+0x88/0xec el0_sync+0x1c0/0x200 While at it, fix the possible NULL pointer dereference in other functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend(). | 2024-04-10 | not yet calculated | CVE-2021-47202 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local “fail_msg” string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since “fail_msg” remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure. | 2024-04-10 | not yet calculated | CVE-2021-47203 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev() will cause use-after-free bug. Move debug log before free_netdev() call to avoid it. | 2024-04-10 | not yet calculated | CVE-2021-47204 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device’s MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe. | 2024-04-10 | not yet calculated | CVE-2021-47205 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | 2024-04-10 | not yet calculated | CVE-2021-47206 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference. | 2024-04-10 | not yet calculated | CVE-2021-47207 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq’s Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). Initial debugging revealed that we’ve live cfs_rq’s (on_list=1) in an about to be kfree()’d task group in free_fair_sched_group(). However, it was unclear how that can happen. His kernel config happened to lead to a layout of struct sched_entity that put the ‘my_q’ member directly into the middle of the object which makes it incidentally overlap with SLUB’s freelist pointer. That, in combination with SLAB_FREELIST_HARDENED’s freelist pointer mangling, leads to a reliable access violation in form of a #GP which made the UAF fail fast. Michal seems to have run into the same issue[1]. He already correctly diagnosed that commit a7b359fc6a37 (“sched/fair: Correctly insert cfs_rq’s to list on unthrottle”) is causing the preconditions for the UAF to happen by re-adding cfs_rq’s also to task groups that have no more running tasks, i.e. also to dead ones. His analysis, however, misses the real root cause and it cannot be seen from the crash backtrace only, as the real offender is tg_unthrottle_up() getting called via sched_cfs_period_timer() via the timer interrupt at an inconvenient time. When unregister_fair_sched_group() unlinks all cfs_rq’s from the dying task group, it doesn’t protect itself from getting interrupted. If the timer interrupt triggers while we iterate over all CPUs or after unregister_fair_sched_group() has finished but prior to unlinking the task group, sched_cfs_period_timer() will execute and walk the list of task groups, trying to unthrottle cfs_rq’s, i.e. re-add them to the dying task group. These will later — in free_fair_sched_group() — be kfree()’ed while still being linked, leading to the fireworks Kevin and Michal are seeing. To fix this race, ensure the dying task group gets unlinked first. However, simply switching the order of unregistering and unlinking the task group isn’t sufficient, as concurrent RCU walkers might still see it, as can be seen below: CPU1: CPU2: : timer IRQ: : do_sched_cfs_period_timer(): : : : distribute_cfs_runtime(): : rcu_read_lock(); : : : unthrottle_cfs_rq(): sched_offline_group(): : : walk_tg_tree_from(…,tg_unthrottle_up,…): list_del_rcu(&tg->list); : (1) : list_for_each_entry_rcu(child, &parent->children, siblings) : : (2) list_del_rcu(&tg->siblings); : : tg_unthrottle_up(): unregister_fair_sched_group(): struct cfs_rq *cfs_rq = tg->cfs_rq[cpu_of(rq)]; : : list_del_leaf_cfs_rq(tg->cfs_rq[cpu]); : : : : if (!cfs_rq_is_decayed(cfs_rq) || cfs_rq->nr_running) (3) : list_add_leaf_cfs_rq(cfs_rq); : : : : : : : : : —truncated— | 2024-04-10 | not yet calculated | CVE-2021-47209 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read Calling tps6598x_block_read with a higher than allowed len can be handled by just returning an error. There’s no need to crash systems with panic-on-warn enabled. | 2024-04-10 | not yet calculated | CVE-2021-47210 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix null pointer dereference on pointer cs_desc The pointer cs_desc return from snd_usb_find_clock_source could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference. | 2024-04-10 | not yet calculated | CVE-2021-47211 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy command is being executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call trace in the umem release process – [ 2633.536695] Call Trace: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] disable_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661] device_release_driver_internal+0x103/0x1f0 [ 2633.545679] bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] —[ end trace 10b4fe52945e544d ]— | 2024-04-10 | not yet calculated | CVE-2021-47212 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using “goto out_release_unlock;” in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak. We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear. | 2024-04-10 | not yet calculated | CVE-2021-47214 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by protecting the entries against movements coming from resync_handle_seq_match(), until their resync handling in napi is fully completed. | 2024-04-10 | not yet calculated | CVE-2021-47215 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to ‘unsigned long’ and printed with %lx. Change %lx to %p to print the hashed pointer. | 2024-04-10 | not yet calculated | CVE-2021-47216 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails Check for a valid hv_vp_index array prior to derefencing hv_vp_index when setting Hyper-V’s TSC change callback. If Hyper-V setup failed in hyperv_init(), the kernel will still report that it’s running under Hyper-V, but will have silently disabled nearly all functionality. BUG: kernel NULL pointer dereference, address: 0000000000000010 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:set_hv_tscchange_cb+0x15/0xa0 Code: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08 … Call Trace: kvm_arch_init+0x17c/0x280 kvm_init+0x31/0x330 vmx_init+0xba/0x13a do_one_initcall+0x41/0x1c0 kernel_init_freeable+0x1f2/0x23b kernel_init+0x16/0x120 ret_from_fork+0x22/0x30 | 2024-04-10 | not yet calculated | CVE-2021-47217 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: selinux: fix NULL-pointer dereference when hashtab allocation fails When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a non-zero value, but the h->htable pointer is NULL. This may then cause a NULL pointer dereference, since the policydb code relies on the assumption that even after a failed hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called on it. Yet, these detect an empty hashtab only by looking at the size. Fix this by making sure that hashtab_init() always leaves behind a valid empty hashtab when the allocation fails. | 2024-04-10 | not yet calculated | CVE-2021-47218 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831 Read of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815 CPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe4/0x14a lib/dump_stack.c:118 print_address_description+0x73/0x280 mm/kasan/report.c:253 kasan_report_error mm/kasan/report.c:352 [inline] kasan_report+0x272/0x370 mm/kasan/report.c:410 memcpy+0x1f/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:377 [inline] sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831 fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021 resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772 schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429 scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835 scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896 scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034 __blk_run_queue_uncond block/blk-core.c:464 [inline] __blk_run_queue+0x1a4/0x380 block/blk-core.c:484 blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78 sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847 sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716 sg_write+0x64/0xa0 drivers/scsi/sg.c:622 __vfs_write+0xed/0x690 fs/read_write.c:485 kill_bdev:block_device:00000000e138492c vfs_write+0x184/0x4c0 fs/read_write.c:549 ksys_write+0x107/0x240 fs/read_write.c:599 do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe We get ‘alen’ from command its type is int. If userspace passes a large length we will get a negative ‘alen’. Switch n, alen, and rlen to u32. | 2024-04-10 | not yet calculated | CVE-2021-47219 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload. | 2024-04-08 | not yet calculated | CVE-2024-26811 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, “TC entry index out of range”); return -ERANGE; } syzbot reported that it could fed arbitary negative values: UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18 shift exponent -2147418108 is negative CPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline] taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f1b2dea3759 Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340 R13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340 | 2024-04-10 | not yet calculated | CVE-2024-26815 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the “startup_xen” entry point. This information is used prior to booting the kernel, so relocations are not useful. In fact, performing relocations against the .notes section means that the KASLR base is exposed since /sys/kernel/notes is world-readable. To avoid leaking the KASLR base without breaking unprivileged tools that are expecting to read /sys/kernel/notes, skip performing relocations in the .notes section. The values readable in .notes are then identical to those found in System.map. | 2024-04-10 | not yet calculated | CVE-2024-26816 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux | In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. | 2024-04-13 | not yet calculated | CVE-2024-26817 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| lunary-ai — lunary-ai/lunary | lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient server-side validation of user account types during project creation. In the free account tier, users are limited to creating only two projects. However, this restriction is enforced only in the web UI and not on the server side, allowing users to bypass the limitation and create an unlimited number of projects without upgrading their account or incurring additional charges. This vulnerability is due to the lack of checks in the project creation endpoint. | 2024-04-10 | not yet calculated | CVE-2024-1599 [email protected] [email protected] |
| lunary-ai — lunary-ai/lunary | An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization’s project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user’s organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project’s ID. This issue affects the project deletion functionality implemented in the projects.delete route. | 2024-04-10 | not yet calculated | CVE-2024-1625 [email protected] [email protected] |
| lunary-ai — lunary-ai/lunary | By knowing an organization’s ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization. | 2024-04-10 | not yet calculated | CVE-2024-1643 [email protected] [email protected] |
| lunary-ai — lunary-ai/lunary | In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an ‘Authorization’ token in the browser, which does not properly invalidate upon the user’s removal from the organization. This allows the removed user to perform unauthorized actions on logs and access project and external user details without valid permissions. | 2024-04-10 | not yet calculated | CVE-2024-1740 [email protected] [email protected] |
| lunary-ai — lunary-ai/lunary | lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data. | 2024-04-10 | not yet calculated | CVE-2024-1741 [email protected] |
| lunary-ai — lunary-ai/lunary | lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization’s name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route. | 2024-04-10 | not yet calculated | CVE-2024-1902 [email protected] |
| mintplex-labs — mintplex-labs/anything-llm | mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application’s database. | 2024-04-10 | not yet calculated | CVE-2024-3025 [email protected] [email protected] |
| mintplex-labs — mintplex-labs/anything-llm | In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating ‘Multi-User Mode’. By sending a specially crafted curl request with the ‘multi_user_mode’ parameter set to false, an attacker can deactivate ‘Multi-User Mode’. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access. | 2024-04-10 | not yet calculated | CVE-2024-3101 [email protected] [email protected] |
| mintplex-labs — mintplex-labs/anything-llm | A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The ‘/admin/system-preferences’ API endpoint improperly authorizes manager-level users to modify the ‘multi_user_mode’ system variable, enabling them to access the ‘/api/system/enable-multi-user’ endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation. | 2024-04-10 | not yet calculated | CVE-2024-3283 [email protected] [email protected] |
| mintplex-labs — mintplex-labs/anything-llm | A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in ‘just me’ mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted ‘Authorization:’ header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition. | 2024-04-10 | not yet calculated | CVE-2024-3569 [email protected] [email protected] |
| mintplex-labs — mintplex-labs/anything-llm | A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user’s session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user’s password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance. | 2024-04-10 | not yet calculated | CVE-2024-3570 [email protected] [email protected] |
| mudler — mudler/localai | A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code. | 2024-04-10 | not yet calculated | CVE-2024-2029 [email protected] [email protected] |
| node.js — node | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | 2024-04-09 | not yet calculated | CVE-2024-27983 [email protected] |
| openssl — openssl | Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. | 2024-04-08 | not yet calculated | CVE-2024-2511 [email protected] [email protected] [email protected] [email protected] [email protected] |
| parisneo — parisneo/lollms-webui | The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages. | 2024-04-10 | not yet calculated | CVE-2024-1511 [email protected] |
| parisneo — parisneo/lollms-webui | An OS Command Injection vulnerability exists in the ‘/open_code_folder’ endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the ‘discussion_id’ parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. | 2024-04-10 | not yet calculated | CVE-2024-1520 [email protected] [email protected] |
| parisneo — parisneo/lollms-webui | A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application. | 2024-04-10 | not yet calculated | CVE-2024-1600 [email protected] [email protected] |
| parisneo — parisneo/lollms-webui | parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user’s browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker’s host. The issue affects various components of the application, including the handling of user input and model output. | 2024-04-10 | not yet calculated | CVE-2024-1602 [email protected] |
| qdrant — qdrant/qdrant | qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction. | 2024-04-10 | not yet calculated | CVE-2024-2221 [email protected] [email protected] |
| run-llama — run-llama/llama_index | A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw. | 2024-04-10 | not yet calculated | CVE-2024-3098 [email protected] [email protected] |
| saturday_drive — ninja_forms | Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. | 2024-04-11 | not yet calculated | CVE-2024-25572 [email protected] [email protected] [email protected] |
| saturday_drive — ninja_forms | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | 2024-04-11 | not yet calculated | CVE-2024-26019 [email protected] [email protected] [email protected] |
| saturday_drive — ninja_forms | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | 2024-04-11 | not yet calculated | CVE-2024-29220 [email protected] [email protected] [email protected] |
| the_libreswan_project_(www.libreswan.org) — libreswan | The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan’s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. | 2024-04-11 | not yet calculated | CVE-2024-3652 d42dc95b-23f1-4e06-9076-20753a0fb0df |
| unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2024-23658 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t610/t618 | In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52535 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t610/t618 | In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52536 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t610/t618 | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52538 [email protected] [email protected] |
| unisoc_(shanghai)_technologies_co_ltd — t760/t770/t820/s8000 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52533 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd — t760/t770/t820/s8000 | In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52534 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52346 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52347 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52348 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52349 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52350 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52351 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52352 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd– sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 | In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52345 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 | In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52343 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 | In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52341 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52342 [email protected] |
| unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52344 [email protected] |
| unknown — backwpup | The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site’s database. | 2024-04-08 | not yet calculated | CVE-2023-7164 [email protected] |
| unknown — font_farsi | The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-08 | not yet calculated | CVE-2024-1752 [email protected] |
| unknown — inline_related_posts | The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts | 2024-04-11 | not yet calculated | CVE-2023-6257 [email protected] |
| unknown — post_grid_form_maker_popup_maker_woocommerce_blocks_post_blocks_post_carousel_ | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts | 2024-04-11 | not yet calculated | CVE-2024-0881 [email protected] |
| unknown — responsive_gallery_grid | The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-09 | not yet calculated | CVE-2024-1664 [email protected] |
| unknown — sendpress_newsletters | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-08 | not yet calculated | CVE-2024-1588 [email protected] |
| unknown — sendpress_newsletters | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-08 | not yet calculated | CVE-2024-1589 [email protected] |
| unknown — the_ultimate_video_player_for_wordpress_ | The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks | 2024-04-10 | not yet calculated | CVE-2024-2428 [email protected] |
| unknown — wordpress_ping_optimizer | The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. | 2024-04-10 | not yet calculated | CVE-2023-6385 [email protected] |
| unknown — wp_shortcodes_plugin_-_shortcodes_ultimate | The WP Shortcodes Plugin – Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. | 2024-04-13 | not yet calculated | CVE-2024-2583 [email protected] |
| unknown — wpb-show-core | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-04-08 | not yet calculated | CVE-2024-1292 [email protected] |
| unknown — wpb-show-core | The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting | 2024-04-08 | not yet calculated | CVE-2024-1956 [email protected] |
| unknown — wpb-show-core | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users | 2024-04-08 | not yet calculated | CVE-2024-1958 [email protected] |
| N/A — N/A | The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected. | 2024-04-08 | not yet calculated | CVE-2020-36829 [email protected] [email protected] |
| N/A — N/A | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format. | 2024-04-12 | not yet calculated | CVE-2020-8006 [email protected] [email protected] |
| N/A — N/A | The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service. | 2024-04-08 | not yet calculated | CVE-2021-47208 [email protected] [email protected] |
| N/A — N/A | AbrhilSoft Employee’s Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page. | 2024-04-08 | not yet calculated | CVE-2022-43216 [email protected] [email protected] |
| N/A — N/A | eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a “TuDoor” attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. | 2024-04-11 | not yet calculated | CVE-2023-29483 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44852 [email protected] |
| N/A — N/A | \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44853 [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44854 [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44855 [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients’ parameters of the sub_21D24 function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44856 [email protected] |
| N/A — N/A | An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | 2024-04-12 | not yet calculated | CVE-2023-44857 [email protected] |
| N/A — N/A | An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. | 2024-04-11 | not yet calculated | CVE-2023-48865 [email protected] [email protected] |
| N/A — N/A | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | 2024-04-12 | not yet calculated | CVE-2023-49528 [email protected] |
| N/A — N/A | An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | 2024-04-11 | not yet calculated | CVE-2023-51141 [email protected] [email protected] [email protected] |
| N/A — N/A | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | 2024-04-11 | not yet calculated | CVE-2023-51142 [email protected] [email protected] [email protected] |
| N/A — N/A | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the ‘setSeriesNeedle(int index, int type)’ method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2023-52070 [email protected] [email protected] [email protected] |
| N/A — N/A | Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. | 2024-04-12 | not yet calculated | CVE-2024-22526 [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. | 2024-04-11 | not yet calculated | CVE-2024-22717 [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. | 2024-04-11 | not yet calculated | CVE-2024-22718 [email protected] |
| N/A — N/A | SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the ‘keyword’ when searching for a client. | 2024-04-11 | not yet calculated | CVE-2024-22719 [email protected] |
| N/A — N/A | Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. | 2024-04-11 | not yet calculated | CVE-2024-22721 [email protected] |
| N/A — N/A | Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. | 2024-04-11 | not yet calculated | CVE-2024-22722 [email protected] |
| N/A — N/A | An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. | 2024-04-12 | not yet calculated | CVE-2024-22734 [email protected] |
| N/A — N/A | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-22949 [email protected] [email protected] [email protected] |
| N/A — N/A | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23076 [email protected] [email protected] [email protected] |
| N/A — N/A | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23077 [email protected] [email protected] [email protected] |
| N/A — N/A | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23078 [email protected] [email protected] [email protected] |
| N/A — N/A | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23079 [email protected] [email protected] [email protected] |
| N/A — N/A | Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23080 [email protected] [email protected] [email protected] |
| N/A — N/A | ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23081 [email protected] [email protected] [email protected] |
| N/A — N/A | ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23082 [email protected] [email protected] [email protected] |
| N/A — N/A | Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23083 [email protected] [email protected] [email protected] |
| N/A — N/A | Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23084 [email protected] [email protected] [email protected] |
| N/A — N/A | Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23085 [email protected] [email protected] [email protected] |
| N/A — N/A | Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23086 [email protected] [email protected] [email protected] |
| N/A — N/A | Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link. | 2024-04-10 | not yet calculated | CVE-2024-23734 [email protected] [email protected] |
| N/A — N/A | Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate. | 2024-04-10 | not yet calculated | CVE-2024-23735 [email protected] [email protected] |
| N/A — N/A | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. | 2024-04-09 | not yet calculated | CVE-2024-24245 [email protected] |
| N/A — N/A | An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. | 2024-04-08 | not yet calculated | CVE-2024-24279 [email protected] |
| N/A — N/A | An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | 2024-04-11 | not yet calculated | CVE-2024-25376 [email protected] |
| N/A — N/A | An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. | 2024-04-12 | not yet calculated | CVE-2024-25545 [email protected] [email protected] |
| N/A — N/A | Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the “AccessControlList” parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. | 2024-04-11 | not yet calculated | CVE-2024-25852 [email protected] [email protected] |
| N/A — N/A | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | 2024-04-10 | not yet calculated | CVE-2024-26362 [email protected] |
| N/A — N/A | Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe | 2024-04-08 | not yet calculated | CVE-2024-26574 [email protected] [email protected] |
| N/A — N/A | Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. | 2024-04-10 | not yet calculated | CVE-2024-27474 [email protected] [email protected] [email protected] |
| N/A — N/A | Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. | 2024-04-10 | not yet calculated | CVE-2024-27476 [email protected] [email protected] [email protected] |
| N/A — N/A | In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks. | 2024-04-10 | not yet calculated | CVE-2024-27477 [email protected] [email protected] [email protected] |
| N/A — N/A | Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | 2024-04-11 | not yet calculated | CVE-2024-27592 [email protected] |
| N/A — N/A | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. | 2024-04-08 | not yet calculated | CVE-2024-27630 [email protected] [email protected] |
| N/A — N/A | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php | 2024-04-08 | not yet calculated | CVE-2024-27631 [email protected] [email protected] [email protected] |
| N/A — N/A | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. | 2024-04-08 | not yet calculated | CVE-2024-27632 [email protected] [email protected] |
| N/A — N/A | Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. | 2024-04-09 | not yet calculated | CVE-2024-27665 [email protected] |
| N/A — N/A | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify. | 2024-04-11 | not yet calculated | CVE-2024-27683 [email protected] [email protected] [email protected] |
| N/A — N/A | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | 2024-04-08 | not yet calculated | CVE-2024-28066 [email protected] [email protected] |
| N/A — N/A | Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion). | 2024-04-08 | not yet calculated | CVE-2024-28224 [email protected] [email protected] [email protected] |
| N/A — N/A | An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. | 2024-04-08 | not yet calculated | CVE-2024-28270 [email protected] |
| N/A — N/A | An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the “back” parameter in the URL through a double encoded URL. | 2024-04-10 | not yet calculated | CVE-2024-28344 [email protected] |
| N/A — N/A | An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL. | 2024-04-10 | not yet calculated | CVE-2024-28345 [email protected] |
| N/A — N/A | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | 2024-04-11 | not yet calculated | CVE-2024-28402 [email protected] [email protected] |
| N/A — N/A | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. | 2024-04-11 | not yet calculated | CVE-2024-28458 [email protected] |
| N/A — N/A | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. | 2024-04-12 | not yet calculated | CVE-2024-28718 [email protected] [email protected] [email protected] |
| N/A — N/A | An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | 2024-04-08 | not yet calculated | CVE-2024-28732 [email protected] [email protected] |
| N/A — N/A | An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | 2024-04-10 | not yet calculated | CVE-2024-29269 [email protected] |
| N/A — N/A | A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | 2024-04-10 | not yet calculated | CVE-2024-29296 [email protected] [email protected] |
| N/A — N/A | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | 2024-04-11 | not yet calculated | CVE-2024-29399 [email protected] |
| N/A — N/A | An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. | 2024-04-12 | not yet calculated | CVE-2024-29400 [email protected] |
| N/A — N/A | An unauthorized node injection vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. | 2024-04-10 | not yet calculated | CVE-2024-29439 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. | 2024-04-11 | not yet calculated | CVE-2024-29441 [email protected] |
| N/A — N/A | A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-10 | not yet calculated | CVE-2024-29443 [email protected] |
| N/A — N/A | An OS command injection vulnerability has been discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-11 | not yet calculated | CVE-2024-29444 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. | 2024-04-10 | not yet calculated | CVE-2024-29445 [email protected] |
| N/A — N/A | An issue was discovered in the default configurations of ROS2 Humble Hawksbill in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-11 | not yet calculated | CVE-2024-29447 [email protected] |
| N/A — N/A | A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. | 2024-04-11 | not yet calculated | CVE-2024-29448 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via man-in-the-middle attacks due to cleartext transmission of data across the ROS2 nodes’ communication channels. | 2024-04-11 | not yet calculated | CVE-2024-29449 [email protected] |
| N/A — N/A | An issue has been discovered in the permission and access control components within ROS2 Humble Hawksbill, in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the authentication system, including protocols, processes, and checks designed to verify the identities of users or devices attempting to access the ROS2 system. | 2024-04-11 | not yet calculated | CVE-2024-29450 [email protected] |
| N/A — N/A | An insecure deserialization vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-11 | not yet calculated | CVE-2024-29452 [email protected] |
| N/A — N/A | An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary commands potentially leading to unauthorized system control, data breaches, system and network compromise, and operational disruption. | 2024-04-11 | not yet calculated | CVE-2024-29454 [email protected] |
| N/A — N/A | An arbitrary file upload vulnerability has been discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-11 | not yet calculated | CVE-2024-29455 [email protected] |
| N/A — N/A | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. | 2024-04-10 | not yet calculated | CVE-2024-29460 [email protected] |
| N/A — N/A | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. | 2024-04-12 | not yet calculated | CVE-2024-29461 [email protected] [email protected] |
| N/A — N/A | An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | 2024-04-10 | not yet calculated | CVE-2024-29500 [email protected] |
| N/A — N/A | An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | 2024-04-10 | not yet calculated | CVE-2024-29502 [email protected] |
| N/A — N/A | Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter. | 2024-04-10 | not yet calculated | CVE-2024-29504 [email protected] [email protected] |
| N/A — N/A | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | 2024-04-11 | not yet calculated | CVE-2024-29937 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A | An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. | 2024-04-12 | not yet calculated | CVE-2024-30614 [email protected] |
| N/A — N/A | Shell Injection vulnerability in ROS (Robot Operating System) Melodic Morenia versions ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. | 2024-04-08 | not yet calculated | CVE-2024-30659 [email protected] |
| N/A — N/A | An unauthorized access vulnerability has been discovered in ROS Melodic Morenia versions where ROS_VERSION is 1 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized information access to multiple ROS nodes remotely. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2024-04-08 | not yet calculated | CVE-2024-30661 [email protected] |
| N/A — N/A | An issue was discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. | 2024-04-08 | not yet calculated | CVE-2024-30662 [email protected] |
| N/A — N/A | An issue was discovered in the default configurations of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability allows unauthenticated attackers to gain access using default credentials, posing a serious threat to the integrity and security of the system. | 2024-04-08 | not yet calculated | CVE-2024-30663 [email protected] |
| N/A — N/A | An OS command injection vulnerability has been discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability primarily affects the command processing or system call components in ROS, making them susceptible to manipulation by malicious entities. Through this, unauthorized commands can be executed, leading to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-08 | not yet calculated | CVE-2024-30665 [email protected] |
| N/A — N/A | A buffer overflow vulnerability has been discovered in the C++ components of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via improper handling of arrays or strings within these components. | 2024-04-08 | not yet calculated | CVE-2024-30666 [email protected] |
| N/A — N/A | Insecure deserialization vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or obtain sensitive information via crafted input to the data handling components. | 2024-04-08 | not yet calculated | CVE-2024-30667 [email protected] |
| N/A — N/A | Arbitrary file upload vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via the file upload component. | 2024-04-08 | not yet calculated | CVE-2024-30672 [email protected] |
| N/A — N/A | Unauthorized access vulnerability in ROS2 Iron Irwini in ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to gain control of multiple ROS2 nodes. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2024-04-08 | not yet calculated | CVE-2024-30674 [email protected] |
| N/A — N/A | Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_VERSION 2 and ROS_PYTHON_VERSION 3. This vulnerability could allow a malicious user to escalate privileges by injecting malicious ROS2 nodes into the system remotely. | 2024-04-08 | not yet calculated | CVE-2024-30675 [email protected] |
| N/A — N/A | A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. A malicious user could potentially exploit this vulnerability remotely to crash the ROS2 nodes, thereby causing a denial of service. The flaw allows an attacker to cause unexpected behavior in the operation of ROS2 nodes, which leads to their failure and interrupts the regular operation of the system, thus making it unavailable for its intended users. | 2024-04-09 | not yet calculated | CVE-2024-30676 [email protected] |
| N/A — N/A | An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to intercept and access this data. | 2024-04-09 | not yet calculated | CVE-2024-30678 [email protected] |
| N/A — N/A | An issue was discovered in the default configurations of ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to authenticate using default credentials. | 2024-04-09 | not yet calculated | CVE-2024-30679 [email protected] |
| N/A — N/A | Shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Iron Irwini in versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-09 | not yet calculated | CVE-2024-30680 [email protected] |
| N/A — N/A | An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2. | 2024-04-09 | not yet calculated | CVE-2024-30681 [email protected] |
| N/A — N/A | A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. | 2024-04-09 | not yet calculated | CVE-2024-30683 [email protected] |
| N/A — N/A | An insecure logging vulnerability has been identified within ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to access sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. | 2024-04-09 | not yet calculated | CVE-2024-30684 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. | 2024-04-09 | not yet calculated | CVE-2024-30686 [email protected] |
| N/A — N/A | An insecure deserialization vulnerability has been identified in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-09 | not yet calculated | CVE-2024-30687 [email protected] |
| N/A — N/A | An arbitrary file upload vulnerability has been discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-09 | not yet calculated | CVE-2024-30688 [email protected] |
| N/A — N/A | An unauthorized node injection vulnerability has been identified in ROS2 Galactic Geochelone versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to escalate privileges. | 2024-04-09 | not yet calculated | CVE-2024-30690 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Galactic Geochelone in version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes. | 2024-04-09 | not yet calculated | CVE-2024-30691 [email protected] |
| N/A — N/A | A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. | 2024-04-09 | not yet calculated | CVE-2024-30692 [email protected] |
| N/A — N/A | A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-09 | not yet calculated | CVE-2024-30694 [email protected] |
| N/A — N/A | An issue was discovered in the default configurations of ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-09 | not yet calculated | CVE-2024-30695 [email protected] |
| N/A — N/A | OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-09 | not yet calculated | CVE-2024-30696 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. | 2024-04-09 | not yet calculated | CVE-2024-30697 [email protected] |
| N/A — N/A | A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. | 2024-04-09 | not yet calculated | CVE-2024-30699 [email protected] |
| N/A — N/A | An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. | 2024-04-09 | not yet calculated | CVE-2024-30701 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. | 2024-04-09 | not yet calculated | CVE-2024-30702 [email protected] |
| N/A — N/A | An arbitrary file upload vulnerability has been discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-09 | not yet calculated | CVE-2024-30703 [email protected] |
| N/A — N/A | An insecure deserialization vulnerability has been identified in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-09 | not yet calculated | CVE-2024-30704 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes. | 2024-04-09 | not yet calculated | CVE-2024-30706 [email protected] |
| N/A — N/A | Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. | 2024-04-10 | not yet calculated | CVE-2024-30707 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. | 2024-04-10 | not yet calculated | CVE-2024-30708 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. | 2024-04-10 | not yet calculated | CVE-2024-30710 [email protected] |
| N/A — N/A | An issue was discovered in the default configurations of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-10 | not yet calculated | CVE-2024-30711 [email protected] |
| N/A — N/A | A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-10 | not yet calculated | CVE-2024-30712 [email protected] |
| N/A — N/A | An OS command injection vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-10 | not yet calculated | CVE-2024-30713 [email protected] |
| N/A — N/A | A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. | 2024-04-10 | not yet calculated | CVE-2024-30715 [email protected] |
| N/A — N/A | An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attacks to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. | 2024-04-10 | not yet calculated | CVE-2024-30716 [email protected] |
| N/A — N/A | An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ROS_PYTHON_VERSION=3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. | 2024-04-10 | not yet calculated | CVE-2024-30718 [email protected] |
| N/A — N/A | An insecure deserialization vulnerability has been identified in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-10 | not yet calculated | CVE-2024-30719 [email protected] |
| N/A — N/A | An arbitrary file upload vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-10 | not yet calculated | CVE-2024-30721 [email protected] |
| N/A — N/A | An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS nodes. | 2024-04-10 | not yet calculated | CVE-2024-30722 [email protected] |
| N/A — N/A | An unauthorized node injection vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS nodes into the system due to insecure permissions. | 2024-04-10 | not yet calculated | CVE-2024-30723 [email protected] |
| N/A — N/A | An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS nodes. | 2024-04-10 | not yet calculated | CVE-2024-30724 [email protected] |
| N/A — N/A | A shell injection vulnerability was discovered in ROS (Robot Operating System) Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-10 | not yet calculated | CVE-2024-30726 [email protected] |
| N/A — N/A | An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to obtain sensitive information via a man-in-the-middle attack. | 2024-04-10 | not yet calculated | CVE-2024-30727 [email protected] |
| N/A — N/A | An issue was discovered in the default configurations of ROS (Robot Operating System) Kinetic Kame ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-10 | not yet calculated | CVE-2024-30728 [email protected] |
| N/A — N/A | An OS command injection vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-10 | not yet calculated | CVE-2024-30729 [email protected] [email protected] |
| N/A — N/A | An insecure logging vulnerability has been identified within ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS. | 2024-04-10 | not yet calculated | CVE-2024-30730 [email protected] |
| N/A — N/A | A buffer overflow vulnerability has been discovered in the C++ components of ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings within these components. | 2024-04-10 | not yet calculated | CVE-2024-30733 [email protected] |
| N/A — N/A | An arbitrary file upload vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via crafted payload to the file upload mechanism of the ROS system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-10 | not yet calculated | CVE-2024-30735 [email protected] |
| N/A — N/A | An insecure deserialization vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-10 | not yet calculated | CVE-2024-30736 [email protected] |
| N/A — N/A | An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS system. | 2024-04-10 | not yet calculated | CVE-2024-30737 [email protected] |
| N/A — N/A | Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | 2024-04-12 | not yet calculated | CVE-2024-30845 [email protected] [email protected] |
| N/A — N/A | An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go | 2024-04-12 | not yet calculated | CVE-2024-30850 [email protected] |
| N/A — N/A | A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | 2024-04-11 | not yet calculated | CVE-2024-30878 [email protected] |
| N/A — N/A | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. | 2024-04-11 | not yet calculated | CVE-2024-30879 [email protected] |
| N/A — N/A | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | 2024-04-11 | not yet calculated | CVE-2024-30880 [email protected] |
| N/A — N/A | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function. | 2024-04-11 | not yet calculated | CVE-2024-30883 [email protected] |
| N/A — N/A | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | 2024-04-11 | not yet calculated | CVE-2024-30884 [email protected] |
| N/A — N/A | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . | 2024-04-11 | not yet calculated | CVE-2024-30885 [email protected] |
| N/A — N/A | An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. | 2024-04-11 | not yet calculated | CVE-2024-30915 [email protected] |
| N/A — N/A | An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component. | 2024-04-11 | not yet calculated | CVE-2024-30916 [email protected] |
| N/A — N/A | An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | 2024-04-11 | not yet calculated | CVE-2024-30917 [email protected] |
| N/A — N/A | An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. | 2024-04-08 | not yet calculated | CVE-2024-31022 [email protected] |
| N/A — N/A | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. | 2024-04-08 | not yet calculated | CVE-2024-31047 [email protected] |
| N/A — N/A | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the “id” parameter in admin/admin_cs.php. | 2024-04-09 | not yet calculated | CVE-2024-31506 [email protected] |
| N/A — N/A | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the “request” parameter in admin/fetch_gendercs.php. | 2024-04-09 | not yet calculated | CVE-2024-31507 [email protected] |
| N/A — N/A | A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. | 2024-04-09 | not yet calculated | CVE-2024-31544 [email protected] |
| N/A — N/A | Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the “password” parameter in the “login.php” file. | 2024-04-11 | not yet calculated | CVE-2024-31678 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | 2024-04-08 | not yet calculated | CVE-2024-31805 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. | 2024-04-08 | not yet calculated | CVE-2024-31806 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. | 2024-04-08 | not yet calculated | CVE-2024-31807 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 2024-04-08 | not yet calculated | CVE-2024-31808 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | 2024-04-08 | not yet calculated | CVE-2024-31809 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | 2024-04-08 | not yet calculated | CVE-2024-31811 [email protected] |
| N/A — N/A | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. | 2024-04-08 | not yet calculated | CVE-2024-31812 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | 2024-04-08 | not yet calculated | CVE-2024-31813 [email protected] |
| N/A — N/A | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. | 2024-04-08 | not yet calculated | CVE-2024-31814 [email protected] |
| N/A — N/A | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | 2024-04-08 | not yet calculated | CVE-2024-31815 [email protected] |
| N/A — N/A | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. | 2024-04-08 | not yet calculated | CVE-2024-31816 [email protected] |
| N/A — N/A | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. | 2024-04-08 | not yet calculated | CVE-2024-31817 [email protected] |
| N/A — N/A | Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | 2024-04-12 | not yet calculated | CVE-2024-31818 [email protected] [email protected] |
| N/A — N/A | An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | 2024-04-10 | not yet calculated | CVE-2024-31819 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A | Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. | 2024-04-12 | not yet calculated | CVE-2024-31839 [email protected] [email protected] |
| N/A — N/A | In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. | 2024-04-07 | not yet calculated | CVE-2024-31948 [email protected] [email protected] |
| N/A — N/A | In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. | 2024-04-07 | not yet calculated | CVE-2024-31949 [email protected] [email protected] |
| N/A — N/A | In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). | 2024-04-07 | not yet calculated | CVE-2024-31950 [email protected] [email protected] |
| N/A — N/A | In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). | 2024-04-07 | not yet calculated | CVE-2024-31951 [email protected] [email protected] |
| N/A — N/A | less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. | 2024-04-13 | not yet calculated | CVE-2024-32487 [email protected] [email protected] [email protected] |
| N/A — N/A | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | 2024-04-10 | not yet calculated | CVE-2024-3566 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
