US-CERT Vulnerability Summary for the Week of February 26, 2024

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| N/A — N/A | orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. | 2024-02-26 | 7.5 | CVE-2024-27454 |
| N/A — avada_\|_website_builder_wordpress_&_woocommerce | The Avada \| Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-02-29 | 8.8 | CVE-2024-1468 |
| N/A — xorg-server | A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. | 2024-02-28 | 7.8 | CVE-2024-21885 |
| N/A — xorg-server | A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. | 2024-02-28 | 7.8 | CVE-2024-21886 |
| adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-29 | 7.8 | CVE-2024-20765 |
| anton_kueltz — fastecdsa | Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable’s actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability. | 2024-02-24 | 7.5 | CVE-2024-21502 |
| authzed — spicedb | SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2. | 2024-03-01 | 7.3 | CVE-2024-27101 |
| aveva — aveva_edge | The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | 2024-02-29 | 7.3 | CVE-2023-6132 |
| awordpresslife — slider_responsive_slideshow_-_image_slider,_gallery_slideshow | The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-03-01 | 8.8 | CVE-2024-1859 |
| azure — azure-uamqp-c | The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. | 2024-02-27 | 9.8 | CVE-2024-27099 |
| backstage — backstage | `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10. | 2024-02-23 | 8.7 | CVE-2024-26150 |
| bplugins_llc — icoms_font_loader | Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader. This issue affects Icons Font Loader: from n/a through 1.1.4. | 2024-02-26 | 7.2 | CVE-2024-24714 |
| brechtvds — wp_recipe_maker | The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the ‘recipes’ parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-29 | 8.8 | CVE-2024-1206 |
| cisa — industrial_control_systems_network_protocol_parsers_(icsnpp)_-_ethercat_plugin_for_zeek | Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution. | 2024-03-01 | 9.8 | CVE-2023-7243 |
| cisa — industrial_control_systems_network_protocol_parsers_(icsnpp)_-_ethercat_plugin_for_zeek | Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. | 2024-03-01 | 9.8 | CVE-2023-7244 |
| cisa — industrial_control_systems_network_protocol_parsers_(icsnpp)_-_ethercat_plugin_for_zeek | Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory. | 2024-03-01 | 8.2 | CVE-2023-7242 |
| cisco — cisco_nx-os_software | A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet. | 2024-02-29 | 8.6 | CVE-2024-20267 |
| cisco — cisco_nx-os_software | A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network. | 2024-02-29 | 8.6 | CVE-2024-20321 |
| code-projects — crime_reporting_system | A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608. | 2024-02-23 | 7.3 | CVE-2024-1820 |
| code-projects — e-commerce_website | A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability. | 2024-02-29 | 7.3 | CVE-2023-7107 |
| code-projects — library_management_system | A vulnerability classified as critical was found in code-projects Library Management System 2.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249004. | 2024-02-29 | 7.3 | CVE-2023-7109 |
| code-projects — library_management_system | A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability. | 2024-02-29 | 7.3 | CVE-2023-7110 |
| code-projects — library_system | A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254614 is the identifier assigned to this vulnerability. | 2024-02-23 | 7.3 | CVE-2024-1826 |
| code-projects — library_system | A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254615. | 2024-02-23 | 7.3 | CVE-2024-1827 |
| code-projects — library_system | A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616. | 2024-02-23 | 7.3 | CVE-2024-1828 |
| code-projects — library_system | A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability. | 2024-02-23 | 7.3 | CVE-2024-1829 |
| code-projects — library_system | A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254618 is the identifier assigned to this vulnerability. | 2024-02-23 | 7.3 | CVE-2024-1830 |
| codeastro — house_rental_management_system | A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254612. | 2024-02-23 | 7.3 | CVE-2024-1824 |
| commend — ws203vicm | A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. | 2024-03-01 | 8.6 | CVE-2024-22182 |
| commend — ws203vicm | A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. | 2024-03-01 | 9.4 | CVE-2024-21767 |
| danielparks — pupet-golang | dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files – including the compiler binary – with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group | 2024-02-29 | 7.3 | CVE-2024-27294 |
| dassault_systems — documention_server | An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution. | 2024-03-01 | 9.4 | CVE-2024-1624 |
| dassault_systems — edrawings | Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | 2024-02-28 | 7.8 | CVE-2024-1847 |
| dataease — dataease | Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java`. The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0. | 2024-02-29 | 9.1 | CVE-2024-23328 |
| dell — secure_connect_gateway_(scg)_5.0_appliance_-_srs | Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. | 2024-03-01 | 7.1 | CVE-2024-22457 |
| dell — secure_connect_gateway_(scg)_policy_manager | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 2024-03-01 | 7.6 | CVE-2024-24904 |
| dell — secure_connect_gateway_(scg)_policy_manager | Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change. | 2024-03-01 | 8 | CVE-2024-24903 |
| dell — secure_connect_gateway_(scg)_policy_manager | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 2024-03-01 | 7.6 | CVE-2024-24905 |
| dell — secure_connect_gateway_(scg)_policy_manager | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 2024-03-01 | 7.6 | CVE-2024-24906 |
| dell — secure_connect_gateway_(scg)_policy_manager | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 2024-03-01 | 7.6 | CVE-2024-24907 |
| delta_electronics — cncsoft-b | Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 2024-03-01 | 7.8 | CVE-2024-1941 |
| delta_electronics — cncsoft-b_v1.0.0.4_dopsoft | Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | 2024-02-29 | 7.8 | CVE-2024-1595 |
| demososo — dm_enterprise_website_building_system | A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-23 | 7.3 | CVE-2024-1817 |
| directus — directus | Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3. | 2024-03-01 | 8.2 | CVE-2024-27295 |
| dpgaspar — flask-appbuilder | Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability. | 2024-02-29 | 9.1 | CVE-2024-25128 |
| element-hq — element-android | Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. | 2024-02-29 | 8.4 | CVE-2024-26131 |
| ernest_marcinko — ajax_search_lite | Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4. | 2024-02-29 | 7.1 | CVE-2024-21752 |
| esphome — esphome | ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1. | 2024-02-26 | 7.2 | CVE-2024-27081 |
| hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2024-02-27 | 7.2 | CVE-2024-26294 |
| hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2024-02-27 | 7.2 | CVE-2024-26295 |
| hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2024-02-27 | 7.2 | CVE-2024-26296 |
| hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2024-02-27 | 7.2 | CVE-2024-26297 |
| hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2024-02-27 | 7.2 | CVE-2024-26298 |
| hikvision — hikcentral_professional | Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. | 2024-03-02 | 7.5 | CVE-2024-25063 |
| honeywell — mpa2_access_panel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters. This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability. | 2024-02-29 | 8.1 | CVE-2023-1841 |
| ibm — aspera_console | IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079. | 2024-02-23 | 8.6 | CVE-2022-43842 |
| ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 247620. | 2024-02-29 | 8.5 | CVE-2023-25921 |
| ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632. | 2024-02-28 | 8.5 | CVE-2023-25925 |
| jetty — jetty.project | Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. | 2024-02-26 | 7.5 | CVE-2024-22201 |
| joel_starnes — postmash_-custom_post_order | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0. | 2024-02-28 | 9.3 | CVE-2024-25927 |
| joomunited — wp_media_folder | Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. | 2024-02-26 | 9.9 | CVE-2024-25909 |
| jose_fernandez — adsmonetizer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in José Fernandez Adsmonetizer allows Reflected XSS. This issue affects Adsmonetizer: from n/a through 3.1.2. | 2024-02-29 | 7.1 | CVE-2024-1437 |
| justinsainton — wp_ecommerce | The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘cart_contents’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-28 | 9.8 | CVE-2024-1514 |
kaliforms — contact_form_builder_with_drag_&_drop_for_wordpress_-_kali_forms
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
Published: 2024-02-29 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-1217
lexmark — various
A buffer overflow vulnerability has been identified in the PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Published: 2024-02-28 | CVSS Score: 9 | Source & Patch Info: CVE-2023-50734, 7bc73191-a2b6-4c63-9918-753964601853
lexmark — various
A heap corruption vulnerability has been identified in the PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Published: 2024-02-28 | CVSS Score: 9 | Source & Patch Info: CVE-2023-50735, 7bc73191-a2b6-4c63-9918-753964601853
lexmark — various
A memory corruption vulnerability has been identified in the PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Published: 2024-02-28 | CVSS Score: 9 | Source & Patch Info: CVE-2023-50736, 7bc73191-a2b6-4c63-9918-753964601853
lexmark — various
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.
Published: 2024-02-28 | CVSS Score: 9.1 | Source & Patch Info: CVE-2023-50737, 7bc73191-a2b6-4c63-9918-753964601853
line_coporation — armeria
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
Published: 2024-02-26 | CVSS Score: 9.1 | Source & Patch Info: CVE-2024-1735
llama.cpp — llama.cpp
A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-21802
llama.cpp — llama.cpp
A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-21825
llama.cpp — llama.cpp
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-21836
llama.cpp — llama.cpp
A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-23496
llama.cpp — llama.cpp
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-23605
melapress — wp_activity_log
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Melapress WP Activity Log allows Stored XSS. This issue affects WP Activity Log: from n/a through 4.6.1.
Published: 2024-02-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2023-50905
metaswitch — cassandra-rs
cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.
Published: 2024-02-29 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-27284
microdicom — dicom_viewer
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability.
Published: 2024-03-01 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22100
microdicom — dicom_viewer
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.
Published: 2024-03-01 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-25578
microsoft — microsoft_edge_(chromium-based)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Published: 2024-02-23 | CVSS Score: 8.2 | Source & Patch Info: CVE-2024-26192
milan_petrovic — gd_rating_system
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5.
Published: 2024-02-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-25093
miniorange — malware_scanner
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in miniorange Malware Scanner. This issue affects Malware Scanner: from n/a through 4.7.2.
Published: 2024-02-28 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-25902
mlflow — mflow
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
Published: 2024-02-23 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-27132
mlflow — mflow
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
Published: 2024-02-23 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-27133
mollie — mollie_payments_for_woocommerce
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.
Published: 2024-02-29 | CVSS Score: 9.1 | Source & Patch Info: CVE-2023-6090
nlnet_labs — routinator
Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
Published: 2024-02-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-1622
oisf — libhtp
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
Published: 2024-02-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-23837
oisf — suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app layer parser.
Published: 2024-02-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-23835
oisf — suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value, which helps reduce the severity of the issue.
Published: 2024-02-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-23836
oisf — suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
Published: 2024-02-26 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-23839
oliverpos — oliver_pos_-_a_woocommerce_point_of_sale_(pos)
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.
Published: 2024-02-29 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-0702
onnx — onnx
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.
Published: 2024-02-23 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-27318, 6f8de1f0-f67e-45a6-b68f-98777fdb759c
opentext — netiq_client_login_extension
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6.
Published: 2024-02-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-1470
parse-community — parse-server
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
Published: 2024-03-01 | CVSS Score: 10 | Source & Patch Info: CVE-2024-27298
progress — openedge
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.
Published: 2024-02-27 | CVSS Score: 10 | Source & Patch Info: CVE-2024-1403
progress_software_corporation — sitefinity
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site’s administrative area.
Published: 2024-02-28 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-1632
progress_software_corporation — sitefinity
Potential Cross-Site Scripting (XSS) in the page editing area.
Published: 2024-02-28 | CVSS Score: 8 | Source & Patch Info: CVE-2024-1636
rails — rails
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
Published: 2024-02-27 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-26142
santesoft — sante_dicom_viewer_pro
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.
Published: 2024-03-01 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-1453
sitepact — sitepact
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sitepact. This issue affects Sitepact: from n/a through 1.0.5.
Published: 2024-02-23 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-25928
skymoonlabs — moveto
Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
Published: 2024-02-26 | CVSS Score: 10 | Source & Patch Info: CVE-2024-25913
skymoonlabs — moveto
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
Published: 2024-02-28 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-25910
sma — sma_cluster_controller
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-1889
smartypants — sp_project_&_document_manager
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69.
Published: 2024-02-28 | CVSS Score: 8.5 | Source & Patch Info: CVE-2024-24868
solarwinds — security_event_manager
The SolarWinds Security Event Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
Published: 2024-03-01 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-0692
sourcecodester — complete_file_management_system
A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+–+- leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254622 is the identifier assigned to this vulnerability.
Published: 2024-02-23 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-1831
sourcecodester — complete_file_management_system
A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+–+- leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.
Published: 2024-02-23 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-1832
sourcecodester — employee_management_system
A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624.
Published: 2024-02-23 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-1833
sourcecodester — employee_management_system
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input ‘+or+1%3d1%23 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254724.
Published: 2024-02-26 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-1876
spring — spring_framework
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.
Published: 2024-02-23 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-22243
surya2developer — online_shopping_system
A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz’+or+1%3d1+limit+1%23 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255127.
Published: 2024-02-29 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-1971
sysbasics — woocommerce_easy_checkout_field_editor,_fees_&_discounts
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.
Published: 2024-02-26 | CVSS Score: 10 | Source & Patch Info: CVE-2024-25925
tatvic — conversios_-_google_analytics_4_(ga4),_meta_pixel_&_more_via_google_tag_manager_for_woocommerce
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-02-28 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-0786
teamviewer — remote_full_client
Improper initialization of default settings in TeamViewer Remote Client prior to version 15.51.5 for Windows, Linux and macOS allows a low-privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.
Published: 2024-02-27 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-0819
tenable — tenable_identity_exposure_secure_relay
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
Published: 2024-02-23 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-1683
thales — safenet_authentication_client
A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.
Published: 2024-02-27 | CVSS Score: 7.8 | Source & Patch Info: CVE-2023-5993
thales — safenet_authentication_client
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
Published: 2024-02-27 | CVSS Score: 7.8 | Source & Patch Info: CVE-2023-7016
thales — sentinel_hasp_ldk
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.
Published: 2024-02-27 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0197
themeisle — rss_aggregator_by_feedzy_-_feed_to_post,_autoblogging,_news_&_youtube_video_feeds_aggregator
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-02-29 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-1317
totolink — lr1200gb
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-02-23 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-1783
unitecms — addon_library
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
Published: 2024-02-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-1710
w&t — com-umlenkung_pnp
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.
Published: 2024-03-01 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-25552
wpdevteam — notificationx_best_fomo,_social_proof,_woocommerce_sales_popup_&_notification_bar_plugin_with_elementor
The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the ‘type’ parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-02-27 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-1698
wpvividplugins — migration,_backup,_staging_wp_wpvivid
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the ‘table_prefix’ parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-02-29 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-1981
zephyrproject-rtos — zephyr
Possible buffer overflow in is_mount_point
Published: 2024-02-29 | CVSS Score: 7.3 | Source & Patch Info: CVE-2023-6881
zestardtechnologies — admin_side_data_storage_for_contact_form_7
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the ‘form-id’ parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-02-23 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-1776


 

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
N/A — mini_-_tmall
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.
Published: 2024-03-01 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-2074
N/A — pcp
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Published: 2024-02-28 | CVSS Score: 6 | Source & Patch Info: CVE-2023-6917
N/A — upstream
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn’t inspect tokens; it determines that all tokens are valid.
Published: 2024-02-28 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-0560
activeim — marketing_optimizer
The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1976
acurax — under_construction_/_maintenance_mode_from_acurax
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin.
Published: 2024-02-28 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1476
acurax — under_construction_/_maintenance_mode_from_acurax
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the ‘acx_csma_subscribe_ajax’ function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-6922
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44341
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44342
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44343
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44344
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44345
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44346
adobe — indesign
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-44347
advanced_flamingo — advanced_flamingo
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo. This issue affects Advanced Flamingo: from n/a through 1.0.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-52226
akirk — friends
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2024-1978
algoritmika — cost_of_goods_sold_(cogs):_cost_&_profit_calculator_for_woocommerce
The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘section’ parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-0821
apache_software_foundation — apache_superset
Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don’t have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
Published: 2024-02-28 | CVSS Score: 5 | Source & Patch Info: CVE-2024-24779
apache_software_foundation — apache_superset
 
A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-24772
apache_software_foundation — apache_superset
 
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.
Published: 2024-02-28 | CVSS Score: 4.9 | Source & Patch Info: CVE-2024-24773
apache_software_foundation — apache_superset
 
A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it’s important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-26016
apache_software_foundation — apache_superset
 
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-27315
apostrophe — sanitize-html
 
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
Published: 2024-02-24 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-21501
archer — archer_platform
 
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
Published: 2024-02-23 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0563
arne_franken — all_in_one_favicon
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Arne Franken All In One Favicon. This issue affects All In One Favicon: from n/a through 4.7.
Published: 2024-02-23 | CVSS Score: 6.8 | Source & Patch Info: CVE-2023-24416
atakan_au — 1_click_disable_all
 
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all. This issue affects 1 click disable all: from n/a through 1.0.1.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-21749
athemes — sydney_toolbox
 
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1447
averta — master_slider_-_responsive_touch_slider
 
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-02 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1449
averta — master_slider_-_responsive_touch_slider
 
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the ‘process_bulk_action’ function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-03-02 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-6326
averta — master_slider_–_responsive_touch_slider
 
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-03-02 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-0611
awordpresslife — coming_soon_maintenance_mode
 
The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1475
beijing_baichuo — smart_s42_management_platform
 
A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-02-27 | CVSS Score: 4.7 | Source & Patch Info: CVE-2024-1918
bradvin — best_wordpress_gallery_plugin_–_foogallery
 
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-02-29 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-0604
brandonwamboldt — wordpress_access_control
 
The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s “Make Website Members Only” feature (when unset) and view restricted page and post content.
Published: 2024-02-28 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-0975
bytesforall — atahualpa
 
Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa. This issue affects Atahualpa: from n/a through 3.7.24.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-27948
c-ares — c-ares
 
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Published: 2024-02-23 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-25629
cifi — starbox_-_the_author_box_for_humans
 
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2023-6806
cisco — cisco_nx-os_software
 
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
Published: 2024-02-29 | CVSS Score: 5.8 | Source & Patch Info: CVE-2024-20291
cisco — cisco_nx_-_os_software
 
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Published: 2024-02-29 | CVSS Score: 6.6 | Source & Patch Info: CVE-2024-20294
cisco — cisco_unified_computing_system_(managed)
 
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-20344
cisco — clamav
 
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Published: 2024-03-01 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-20328
cleantalk_-_anti-spam_protection — spam_protection,_anti-spam,_firewall_by_cleantalk
 
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk – Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-51696
cockpit_cms — cockpit_cms
 
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
Published: 2024-02-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2024-2001
code-projects — crime_reporting_system
 
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.
Published: 2024-02-23 | CVSS Score: 5.5 | Source & Patch Info: CVE-2024-1821
code-projects — e-commerce_website

A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249003.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-7108
code-projects — e-commerce_website
 
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249001 was assigned to this vulnerability.
Published: 2024-02-29 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-7106
code-projects — e-commerce_website
 
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.
Published: 2024-03-01 | CVSS Score: 5.8 | Source & Patch Info: CVE-2024-24900
code-projects — e-commerce_website
 
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249000.
Published: 2024-02-29 | CVSS Score: 4.7 | Source & Patch Info: CVE-2023-7105
codeastro — house_rental_management_system
 
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
Published: 2024-03-01 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-2076
codeastro — membership_management_system
 
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859.
Published: 2024-02-27 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-1924
codeastro — simple_voting_system
 
A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.
Published: 2024-02-23 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1823
codeastro — house_rental_management_system
 
A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input <img src="1" onerror="console.log(1)"> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability.
Published: 2024-02-23 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1825
codeastro — membership_management_system
 
A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability.
Published: 2024-02-23 | CVSS Score: 4.7 | Source & Patch Info: CVE-2024-1818
codeastro — membership_management_system
 
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254607.
Published: 2024-02-23 | CVSS Score: 4.7 | Source & Patch Info: CVE-2024-1819
collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
 
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘type’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1408
collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
 
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member listing page to be active and using the Gerbera theme.
Published: 2024-02-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-1519
collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
 
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1570
commend — ws203vicm
 
A weak encoding is used to transmit credentials for WS203VICM.
Published: 2024-03-01 | CVSS Score: 5.7 | Source & Patch Info: CVE-2024-23492
cusrev — customer_reviews_for_woocommerce
 
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce. This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-51692
davidoffneal — simple_share_buttons_adder
 
The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-02-29 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-0621
debian — debian_cpio
 
Debian’s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
Published: 2024-02-29 | CVSS Score: 4.9 | Source & Patch Info: CVE-2023-7207
dell — cpg_bios
 
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
Published: 2024-03-01 | CVSS Score: 6.8 | Source & Patch Info: CVE-2023-48674
dell — dup_framework
 
Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.
Published: 2024-03-01 | CVSS Score: 6.7 | Source & Patch Info: CVE-2023-39254
dell — ecs
 
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace.
Published: 2024-02-28 | CVSS Score: 6.8 | Source & Patch Info: CVE-2024-22459
dgewirtz — my_private_site
 
The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s site privacy feature and view restricted page and post content.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-0978
directus — directus
 
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.
Published: 2024-03-01 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-27296
dpgaspar — flask-appbuilder
 
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user’s browser. This issue was introduced on 4.1.4 and patched on 4.2.1.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-27083
duplicator — duplicator_-_wordpress_migration_&_backup_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin. This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7.
Published: 2024-02-28 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-51681
easynolo — gestpay_for_woocommerce
 
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the ‘ajax_set_default_card’ function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0431
easynolo — gestpay_for_woocommerce
 
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the ‘ajax_delete_card’ function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0432
easynolo — gestpay_for_woocommerce
 
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the ‘ajax_unset_default_card’ function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0433
ecwid_ecommerce — ecwid_ecommerce_shopping_cart
 
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-51533
element-hq — element-android
 
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application’s private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
Published: 2024-02-29 | CVSS Score: 4 | Source & Patch Info: CVE-2024-26132
elemntor — elementor_website_builder_-_more_than_just_a_page_builder
 
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-0506
envothemes — envo's_elementor_templates_&_widgets_for_woocommerce
 
The Envo’s Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0766
envothemes — envo's_elementor_templates_&_widgets_for_woocommerce
 
The Envo’s Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0767
envothemes — envo's_elementor_templates_&_widgets_for_woocommerce
 
The Envo’s Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajax_theme_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0768
eteubert — archivist_-_custom_archive_templates
 
The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode_attributes’ parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-02-24 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-1810
extendthemes — colibri_page_builder

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-23 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1362
extendthemes — colibri_page_builder
 
The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-02-234.3CVE-2024-1360
extendthemes — colibri_page_builder
 
The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-23 | CVSS Score: 4.3 | CVE-2024-1361
f1logic — insert_php_code_snippet
 
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user’s name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-02-29 | CVSS Score: 4.4 | CVE-2024-0658
florent73 — wp_maintenance
 
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s maintenance mode and obtain post and page content via the REST API.
Published: 2024-02-29 | CVSS Score: 5.3 | CVE-2024-1472
foucciano — restaurant_solutions_–_checklist
 
The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-02-29 | CVSS Score: 4.4 | CVE-2024-1977
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1649
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1650
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1652
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1653
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1906
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1907
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1909
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1910
frenify — categorify_–_wordpress_media_library_category_&_file_manager
 
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-27 | CVSS Score: 4.3 | CVE-2024-1912
g5theme — ultimate_bootstrap_elements_for_elementor
 
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_title_tag’ and ‘heading_sub_title_tag’ parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-02 | CVSS Score: 6.4 | CVE-2024-1398
getkirby — kirby
 
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a “Custom” link type for advanced use cases that don’t fit any of the pre-defined link formats. As the “Custom” link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.
Published: 2024-02-26 | CVSS Score: 4.6 | CVE-2024-27087
gn_themes — wp_shortcodes_plugin_-_shortcodes_ultimate
 
The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | CVE-2024-0792
gn_themes — wp_shortcodes_plugin_-_shortcodes_ultimate
 
The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘su_qrcode’ shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-28 | CVSS Score: 6.4 | CVE-2024-1808
gpriday — siteorigin_widgets_bundle

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | CVE-2024-1070
gpriday — siteorigin_widgets_bundle
 
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.
Published: 2024-02-29 | CVSS Score: 6.4 | CVE-2024-1058
gs_plugins — logo_slider_–_logo_showcase,_logo_carousel,_logo_gallery_and_client_logo_presentation
 
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation. This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2023-51530
haivision — aviwest_manager
 
Server-Side Request Forgery vulnerability in Haivision’s Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users.
Published: 2024-02-28 | CVSS Score: 6.5 | CVE-2024-1965
harrison_chase — langchain
 
A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372.
Published: 2024-03-01 | CVSS Score: 6.3 | CVE-2024-2057
hasthemes — ht_mega_–_absolute_addons_for_elementor
 
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2023-51529
hcl_software — hcl_domino_server
 
Internet passwords stored in Person documents in the Domino® Directory created using the “Add Person” action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user’s password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration (https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html).
Published: 2024-02-29 | CVSS Score: 5.9 | CVE-2023-37495
heateor — social_sharing_plugin_-_sassy_social_share
 
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | CVE-2024-1448
helpdeskz — helpdeskz
 
A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user’s browser session.
Published: 2024-03-01 | CVSS Score: 4.6 | CVE-2024-2078
heureka_group — heureka
 
Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka. This issue affects Heureka: from n/a through 1.0.8.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-25931
hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager
 
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
Published: 2024-02-27 | CVSS Score: 6.6 | CVE-2024-26299
hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager
 
A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
Published: 2024-02-27 | CVSS Score: 6.6 | CVE-2024-26300
hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager
 
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
Published: 2024-02-27 | CVSS Score: 6.5 | CVE-2024-26301
hewlett_packard_enterprise_(hpe) — aruba_clearpass_policy_manager
 
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
Published: 2024-02-27 | CVSS Score: 4.8 | CVE-2024-26302
hikvision — hikcentral_professional
 
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.
Published: 2024-03-02 | CVSS Score: 4.3 | CVE-2024-25064
hitachi_vantara — pentaho_data_integration_&_analytics
 
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
Published: 2024-02-28 | CVSS Score: 5.3 | CVE-2023-5617
hoppscotch — hoppscotch
 
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields like Label (Edit Team) – TeamName, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload (an external link) is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This issue is fixed in 2023.12.6.
Published: 2024-02-29 | CVSS Score: 5.4 | CVE-2024-27092
hypr — workforce_access
 
Improper Link Resolution Before File Access (‘Link Following’) vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1.
Published: 2024-02-29 | CVSS Score: 5.5 | CVE-2024-0068
ibm — cloud_pak_for_automation
 
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.
Published: 2024-02-29 | CVSS Score: 6.5 | CVE-2023-38367
ibm — cloud_pak_for_security
 
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.
Published: 2024-02-29 | CVSS Score: 5.9 | CVE-2021-39090
ibm — cognos_analytics
 
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absent rate limiting. By making unlimited HTTP requests, it is possible for a single user to exhaust server resources over a period of time, making the service unavailable for other legitimate users. IBM X-Force ID: 230510.
Published: 2024-02-26 | CVSS Score: 6.5 | CVE-2022-34357
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744.
Published: 2024-02-26 | CVSS Score: 6.1 | CVE-2023-38359
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.
Published: 2024-02-26 | CVSS Score: 5.3 | CVE-2023-30996
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267451.
Published: 2024-02-26 | CVSS Score: 5.4 | CVE-2023-43051
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
Published: 2024-02-26 | CVSS Score: 4.3 | CVE-2023-32344
ibm — cognos_command_center
 
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details in the X-AspNet-Version response header that could allow an attacker to obtain information about the application environment to conduct further attacks. IBM X-Force ID: 275038.
Published: 2024-03-01 | CVSS Score: 5.3 | CVE-2023-50324
ibm — engineering_requirements_management
 
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
Published: 2024-03-01 | CVSS Score: 6.5 | CVE-2023-28949
ibm — engineering_requirements_management
 
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
Published: 2024-03-01 | CVSS Score: 4.8 | CVE-2023-28525
ibm — enginerring_requirements_management
 
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
Published: 2024-03-01 | CVSS Score: 5.1 | CVE-2023-50305
ibm — filenet_content_manager
 
IBM CP4BA – Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.
Published: 2024-03-01 | CVSS Score: 6.3 | CVE-2023-47716
ibm — filenet_content_manager
 
IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 261115.
Published: 2024-03-01 | CVSS Score: 5.3 | CVE-2023-38366
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.
Published: 2024-02-28 | CVSS Score: 6.1 | CVE-2023-50303
ibm — security_guardium_key_lifecycle_manager
 
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.
Published: 2024-02-29 | CVSS Score: 5.5 | CVE-2023-25926
ibm — security_guardium_key_lifecycle_manager
 
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 247621.
Published: 2024-02-28 | CVSS Score: 4.3 | CVE-2023-25922
ibm — watson_cloudpak_for_data_data_stores
 
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.
Published: 2024-02-29 | CVSS Score: 4 | CVE-2023-27545
ibm — watson_iot_platform
 
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.
Published: 2024-02-29 | CVSS Score: 5.9 | CVE-2023-38372
ibm — websphere_application_server_liberty
 
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
Published: 2024-03-01 | CVSS Score: 5.3 | CVE-2023-50312
ideaboxcreations — powerpack_addons_for_elementor_(free_widgets,_extensions_and_templates)
 
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | CVE-2024-1411
imagerecycle — imagerecycle_pdf_&_image_compression

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1091
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-0983
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-0984
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1089
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1090
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to enable image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1334
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1335
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1336
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1338
imagerecycle — imagerecycle_pdf_&_image_compression
 
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove all plugin data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1339
infinitewp — infinitewp_client
 
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
Published: 2024-02-29 | CVSS Score: 5.9 | CVE-2023-6565
iovamihai — paid_membership_subscriptions_–_effortless_memberships,_recurring_payments_&_content_restriction
 
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.
Published: 2024-02-29 | CVSS Score: 4.3 | CVE-2024-1390
ironikus — email_encoder_-_protect_email_addresses_and_phone_numbers
 
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | CVE-2024-1282
ivoamihai — paid_membership_subscriptions_-_effortless_memeberships,_recurring_payments_&_content_restriction
 
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.
Published: 2024-02-29 | CVSS Score: 5.3 | CVE-2024-1389
[email protected]
[email protected]
[email protected]
ivole — customer_reviews_for_woocommerce
 
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘submit_review’ function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1044
jeffparker — yarpp_–_yet_another_related_posts_plugin
 
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-02-29 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-0602
jordy_meow — media_alt_renamer
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS. This issue affects Media Alt Renamer: from n/a through 0.0.1.
Published: 2024-02-29 | CVSS Score: 5.9 | Source & Patch Info: CVE-2024-1434
justinsainton — wp_ecommerce
 
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.
Published: 2024-02-28 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1516
kaliforms — contact_form_builder_with_drag_&_drop_for_wordpress_–_kali_forms
 
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1218
kaspersky — kaspersky_security_for_linux_mail_server_8
 
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.
Published: 2024-02-29 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-1619
leap13 — premium_addons_for_elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1242
lg_electronics — lg_signage_tv
 
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.
Published: 2024-02-26 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-1885
livemesh — elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1235
lsegal — yard
 
YARD is a Ruby Documentation tool. The “frames.html” file within the Yard Doc’s generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the “frames.erb” template file. This vulnerability is fixed in 0.9.36.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-27285
m&s_consulting — email_before_download
 
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download. This issue affects Email Before Download: from n/a through 6.9.7.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-23519
magazine3 — schema_&_structured_data_for_wp_&_amp
 
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1586
magazine3 — schema_&_structured_data_for_wp_&_amp
 
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘saswp_reviews_form_render’ function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin’s stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1288
mailerlite — mailer_-_woocommerce_integration
 
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration. This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-52223
malihu — page_scroll_to_id
 
The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1445
manish_kumar_agarwal — change_table_prefix
 
Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix. This issue affects Change Table Prefix: from n/a through 2.0.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-25932
marceljm — featured_image_from_url_(fifu)
 
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1496
matomoteam — matomo_analytics_-_ethical_stats._-powerful_insights.
 
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-6923
matt_martz_&_andy_stratton — page_restrict
 
Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict: from n/a through 2.5.5.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-24702
mattdeclaire — redirects
 
The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.
Published: 2024-02-28 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-1566
mattermost — mattermost
 
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1887
mattermost — mattermost
 
Mattermost fails to check the “invite_guest” permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1888
mattermost — mattermost
 
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1942
mattermost — mattermost
 
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1953
mattermost — mattermost
 
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-23493
mattermost — mattermost
 
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-24988
mdempfle — advanced_iframe
 
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 4.9 | Source & Patch Info: CVE-2024-1341
mgibbs189 — custom_field_suite
 
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-02-29 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-0689
microsoft — microsoft_edge
 
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Published: 2024-02-23 | CVSS Score: 4.8 | Source & Patch Info: CVE-2024-21423
microsoft — microsoft_edge_for_adroid
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published: 2024-02-23 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-26188
mitsubishi_electric_corporation — melsec_iq_-_f_series_fx5u_-_32mt/es
 
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.
Published: 2024-02-27 | CVSS Score: 5.3 | Source & Patch Info: CVE-2023-7033
mohammed_kaludi — amp_for_wp_-_accelerated_mobile_pages
 
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘amppb_remove_saved_layout_data’ function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.
Published: 2024-02-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-1043
moxa — eds-4008_series
 
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.
Published: 2024-02-26 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-0387
mrt3vn — thank_you_page_customizer_for_woocommerce_–_increase_your_sales
 
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.
Published: 2024-02-27 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1686
mrt3vn — thank_you_page_customizer_for_woocommerce_–_increase_your_sales
 
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
Published: 2024-02-27 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-1687
n/a — ctcms
 
A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.
Published: 2024-02-27 | CVSS Score: 5 | Source & Patch Info: CVE-2024-1925
n/a — nway_pro
 
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-2009
n/a — vmware_workstation
 
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
Published: 2024-02-29 | CVSS Score: 5.9 | Source & Patch Info: CVE-2024-22251
native_grid_llc — a_no-code_page_builder_for_beautiful_performance-based_content
 
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-24701
netentsec — ns_-_asg_application_security_gateway

 

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-01 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-2022
netentsec — ns_-_asg_application_security_gateway
 
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-01 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-2021
nextendweb — nextend_social_login_and_register
 
The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an OAuth pre-authenticated higher-level user (e.g., administrator) by leveraging a cross-site request forgery in conjunction with a certain social engineering technique to achieve a critical impact scenario (cross-site scripting to administrator-level account creation). However, successful exploitation requires “Debug mode” to be enabled in the plugin’s “Global Settings”.
Published: 2024-03-02 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-1775
nimeshrmr — wp_private_content_plus
 
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
Published: 2024-02-28 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-0680
nuggethon — custom_order_statuses_for_woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.
Published: 2024-02-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-25930
oceanwp — ocean_extra
 
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1277
octa_code — accessibility

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility. This issue affects Accessibility: from n/a through 1.0.6.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-24705
oisf — suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
Published: 2024-02-26 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-24568
oliverpos — oliver_pos_-_a_woocommerce_point_of_sale_(pos)

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-1954
onnx — onnx
 
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
Published: 2024-02-23 | CVSS Score: 4.4 | Source & Patch Info: CVE-2024-27319
6f8de1f0-f67e-45a6-b68f-98777fdb759c
opentext — arcsight_enterprise_security_manager
 
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.
Published: 2024-03-01 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-0967
osuuu — lightpicture
 
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.
Published: 2024-02-27 | CVSS Score: 5.6 | Source & Patch Info: CVE-2024-1920
osuuu — lightpicture
 
A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856.
Published: 2024-02-27 | CVSS Score: 4.7 | Source & Patch Info: CVE-2024-1921
pascal_bajorat — pb_oembed_html5_audio_-_with_cache_support
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6.
Published: 2024-02-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-25098
patrickposner — passster_-_password_protect_pages_and_content
 
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-0616
paul_jura_&_nicolas_montigny — pj_news_ticker
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS. This issue affects PJ News Ticker: from n/a through 1.9.5.
Published: 2024-02-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-25094
perfmatters — perfmatters
 
Missing Authorization vulnerability in Perfmatters. This issue affects Perfmatters: from n/a through 2.1.6.
Published: 2024-02-29 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-47874
pintrest — querybook
 
Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML, which means that if the highlighted result has an XSS payload it will trigger. The input to dangerouslySetInnerHTML is not sanitized for the data inside of queries, which leads to an XSS vulnerability. During the “query auto-suggestion” the names of the suggested tables are set with innerHTML, which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.
Published: 2024-02-28 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-27103
pluggabl — booster_for_woocommerce
 
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wcj_product_barcode’ shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like ‘color’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1054
raaj_trambadia — pexels:_free_stock_photos
 
Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos. This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.
Published: 2024-02-23 | CVSS Score: 4.9 | Source & Patch Info: CVE-2024-25915
rack — rack

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-25126
rack — rack

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
Published: 2024-02-29 | CVSS Score: 5.8 | Source & Patch Info: CVE-2024-26141
rack — rack
 
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.
Published: 2024-02-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-26146
rahman — selectcours
 
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.
Published: 2024-03-01 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-2064
rails — rails
 
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in “_html”, a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
Published: 2024-02-27 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-26143
rails — rails
 
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.
Published: 2024-02-27 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-26144
recipes — recipes
 
Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.
Published: 2024-03-01 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-0403
rogierlankhorst — complianz_–_gdpr/ccpa_cookie_consent
 
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-03-02 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1592
sammartin — microsoft_clarity
 
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-29 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-0590
samuelkwle — page_duplicator
 
The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages.
Published: 2024-02-28 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-1368
savvy_wordpress_development — mywaze
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Savvy WordPress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a through 1.6.
Published: 2024-02-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-25594
scott_paterson — easy_paypal_&_stripe_buy_now_button

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button. This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.
Published: 2024-02-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-51683
scottpaterson — contact_form_7_–_paypal_&_stripe_add-on
 
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the ‘wpecpp_stripe_connect_completion’ function. This makes it possible for unauthenticated attackers to modify the plugins’ settings and change the Stripe connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2024-1719
senol_sahin — ai_power:_complete_ai_pack_–_powered_by_gpt-4
 
Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12. | 2024-02-29 | 4.3 | CVE-2023-51528
seraphinitesoft — seraphinite_accelerator
 
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-02-28 | 6.4 | CVE-2024-1568
session — session
 
Session version 1.17.5 allows obtaining internal application files and public files from the user’s device without the user’s consent. This is possible because the application is vulnerable to Local File Read via chat attachments. | 2024-03-01 | 4.4 | CVE-2024-2045
shopfiles_ltd — ebook_store
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.788. | 2024-02-29 | 5.9 | CVE-2024-23501
showdownjs — showdown
 
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions. | 2024-02-26 | 5.3 | CVE-2024-1899
silabs.com — ember_znet_sdk
 
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks. | 2024-02-23 | 6.2 | CVE-2023-51392
silabs.com — ember_znet_sdk
 
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | 2024-02-23 | 5.3 | CVE-2023-51393
silabs.com — ember_znet_sdk
 
High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs’s Ember ZNet SDK before v7.4.0, causing a system crash. | 2024-02-23 | 5.3 | CVE-2023-51394
sirv.com — image_optimizer,_resizer_and_cdn_–_sirv
 
Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. | 2024-03-01 | 5.4 | CVE-2024-27949
sirv.com — image_optimizer,_resizer_and_cdn_–_sirv
 
Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. | 2024-03-01 | 5.4 | CVE-2024-27950
sivel — page_restrict
 
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts. | 2024-02-28 | 5.3 | CVE-2024-0682
sma — sunny_webox
 
Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier. | 2024-02-26 | 6.4 | CVE-2024-1890
smashballoon — custom_twitter_feeds_–_a_tweets_widget_or_x_feed_widget
 
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site’s twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-29 | 4.3 | CVE-2024-0379
sminozzi — disable_json_api,_login_lockdown,_xmlrpc,_pingback,_stop_user_enumeration_anti_hacker_scan
 
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist, circumventing protection. | 2024-02-28 | 6.5 | CVE-2024-1860
sminozzi — disable_json_api,_login_lockdown,_xmlrpc,_pingback,_stop_user_enumeration_anti_hacker_scan
 
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table. | 2024-02-28 | 4.3 | CVE-2024-1861
softaculous — page_builder:_pagelayer_drag_and_drop_website_builder
 
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-23 | 4.6 | CVE-2024-1590
sonalsinha21 — skt_page_builder
 
The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘saveSktbuilderPageData’ function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages. | 2024-02-29 | 4.3 | CVE-2024-1337
sonicwall — sma100
 
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user’s MFA mobile application. | 2024-02-24 | 6.3 | CVE-2024-22395
sourcecodester — block_inserter_for_dynamic_content
 
A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388. | 2024-03-01 | 6.3 | CVE-2024-2073
sourcecodester — complaint_management_software
 
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254723. | 2024-02-26 | 6.3 | CVE-2024-1875
sourcecodester — computer_inventory_system
 
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability. | 2024-03-01 | 6.3 | CVE-2024-2067
sourcecodester — employee_management_system
 
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254725 was assigned to this vulnerability. | 2024-02-26 | 6.3 | CVE-2024-1877
sourcecodester — employee_management_system
 
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254726 is the identifier assigned to this vulnerability. | 2024-02-26 | 6.3 | CVE-2024-1878
sourcecodester — faq_management_system
 
A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255384. | 2024-03-01 | 6.3 | CVE-2024-2069
sourcecodester — free_and_open_source_inventory_management_system
 
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability. | 2024-02-27 | 6.3 | CVE-2024-1926
sourcecodester — online_learning_system_v2
 
A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255126 is the identifier assigned to this vulnerability. | 2024-02-29 | 4.3 | CVE-2024-1970
sourcecodester — petrol_pump_management_software
 
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability. | 2024-03-01 | 4.7 | CVE-2024-2058
sourcecodester — petrol_pump_management_software
 
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability. | 2024-03-01 | 4.7 | CVE-2024-2059
sourcecodester — petrol_pump_management_software
 
A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255375. | 2024-03-01 | 4.7 | CVE-2024-2060
sourcecodester — petrol_pump_management_software
 
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376. | 2024-03-01 | 4.7 | CVE-2024-2061
sourcecodester — petrol_pump_management_software
 
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255377 was assigned to this vulnerability. | 2024-03-01 | 4.7 | CVE-2024-2062
sourcecodester — simple_online_bidding_system
 
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255393 was assigned to this vulnerability. | 2024-03-01 | 6.3 | CVE-2024-2077
sourcecodester — simple_student_attendance_system

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337’+or+1=1;–+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability. | 2024-02-27 | 6.3 | CVE-2024-1923
sourcecodester — web-based_student_clearance_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254864. | 2024-02-29 | 4.7 | CVE-2024-1928
sourcecodester — web_-_based_student_clearance_system
 
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254863. | 2024-02-29 | 6.3 | CVE-2024-1927
stacklok — minder
 
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, or a 404 error will result. Similarly, if the stored provider token does not have repo access, then the remediations will not apply successfully. Lastly, it appears that reconciliation actions do not execute against repos with this type of mismatch. This appears to primarily be a potential denial-of-service vulnerability. This vulnerability is patched in version 0.20240226.1425+ref.53868a8. | 2024-02-26 | 4.6 | CVE-2024-27093
sunshinephotocart — sunshined_photo_cart:_free_client_galleries
 
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the ‘invoice’. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses. | 2024-02-29 | 5.3 | CVE-2024-1294
superfaktura — superfaktura_woocommerce
 
The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-02-26 | 5.4 | CVE-2024-1758
tainacan.org — tainacan
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan. This issue affects Tainacan: from n/a through 0.20.6. | 2024-02-29 | 5.3 | CVE-2024-1435
thehappymonster — happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-0438
thehappymonster — happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-0838
themefusecom — brizy_–_page_builder
 
The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the ‘id’. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server. | 2024-02-26 | 4.3 | CVE-2024-1165
themeisle — orbit_fox_by_themisle
 
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-27 | 6.4 | CVE-2024-1323
themeisle — rss_aggregator_by_feedzy_-_feed_to_post,_autoblogging,_news_&_youtube_video_feeds_aggregator
 
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘feedzy_wizard_step_process’ and ‘import_status’ functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content. | 2024-02-29 | 6.5 | CVE-2024-1318
themeum — tutor_lms_-_elearning_and_online_course_solution
 
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting. | 2024-02-29 | 5.4 | CVE-2024-1128
themeum — tutor_lms_–_elearning_and_online_course_solution
 
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled including private courses. | 2024-02-29 | 4.3 | CVE-2024-1133
thrive_themes — thrive_automator
 
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator. This issue affects Thrive Automator: from n/a through 1.17. | 2024-02-29 | 5.4 | CVE-2023-51531
tigroumeow — ai_engine

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-02 | 6.5 | CVE-2024-0378
totolink — x6000r_ax3000
 
A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-23 | 6.3 | CVE-2024-1781
vickyagravat — codemirror_blocks
 
The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-28 | 6.4 | CVE-2024-1791
w3speedster — w3speedster
 
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.19. | 2024-02-29 | 4.3 | CVE-2024-24708
webaways — nex_-_forms-_ultimate_form_builder_-_contact_forms_and_much_more
 
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records. | 2024-02-29 | 5.3 | CVE-2024-0907
webaways — nex_-_forms-_ultimate_form_builder_-_contact_forms_and_much_more
 
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred. | 2024-02-29 | 5.3 | CVE-2024-1129
webaways — nex_-_forms-_ultimate_form_builder_-_contact_forms_and_much_more
 
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read. | 2024-02-29 | 5.3 | CVE-2024-1130
webfactory — login_lockdown_-_protect_login_form
 
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin’s settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist. | 2024-02-29 | 5.4 | CVE-2024-1340
wiloke — woocommerce_coupon_popup,_smartbar,_slide_in_|_myshopkit
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit. This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9. | 2024-02-26 | 5.3 | CVE-2024-1436
wpdevteam — embedpress_-_embed_pdf,_youtube,_google_docs,_vimeo,_wistia_videos,_audios,_maps_&_any_documents_in_gutenberg_&_elementor
 
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-1349
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-1236
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
 
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 5.4 | CVE-2024-1172
wpdevteam — essentials_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
 
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-1276
wpdevteam — 
 
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 5.4 | CVE-2024-1171
wpdevteam — embedpress_-_embed_pdf,_youtube,_google_docs,_vimeo,_wistia_videos,_audios,_maps_&_any_documents_in_gutenberg_&_elementor
 
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-1425
wpexpertsio — password_protected_–_ultimate_plugin_to_password_protect_your_wordpress_content_with_ease
 
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-29 | 4.4 | CVE-2024-0656
wpify — wpify_woo_czech
 
The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known. | 2024-02-29 | 5.3 | CVE-2024-1492
wpmoose — yuki
 
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme’s settings. | 2024-02-28 | 4.3 | CVE-2024-1388
wpmoose — yuki
 
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the theme’s settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-28 | 4.3 | CVE-2024-1943
wproyal — royal_elementor_addons_and_templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-29 | 6.4 | CVE-2024-0442
wproyal — royal_elementor_addons_and_templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata. | 2024-02-29 | 5.3 | CVE-2024-0516
wproyal — royal_elementor_addons_and_templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-29 | 4.3 | CVE-2024-0512
wproyal — royal_elementor_addons_and_templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-29 | 4.3 | CVE-2024-0513
wproyal — royal_elementor_addons_and_templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-29 | 4.3 | CVE-2024-0514
wproyal — royal_elementor_addons_and_templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-29 | 4.3 | CVE-2024-0515
wpshopmart — coming_soon_page_&_maintenance_mode
 
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view the content of a site that has maintenance mode or coming-soon mode enabled. | 2024-02-28 | 5.3 | CVE-2024-1136
wpvividplugins — migration,_backup,_staging_-_wpvivid
 
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS. | 2024-02-29 | 6.5 | CVE-2024-1982
wpwax — directorist_-_wordpress_business_directory_plugin_with_classified_ads_listings
 
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘setup_wizard’ function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages, enable or disable monetization, and change the map provider. | 2024-02-29 | 5.3 | CVE-2024-1322
xlplugins — nextmove_lite_-_thank_you_page_for_woocommerce
 
The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack. | 2024-03-01 | 5.3 | CVE-2024-1120
yuryonfolio — ppwp_-_password_protect_pages
 
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, and slugs, as well as other information, including for password-protected posts. | 2024-02-29 | 5.3 | CVE-2024-0620
zestardtechnologies — admin_side_data_storage_for_contact_form_7

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses. | 2024-02-23 | 4.3 | CVE-2024-1778
zestardtechnologies — admin_side_data_storage_for_contact_form_7
 
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the read status of messages. | 2024-02-23 | 5.3 | CVE-2024-1779
zestardtechnologies — admin_side_data_storage_for_contact_form_7
 
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-23 | 4.3 | CVE-2024-1777


Low Vulnerabilities

Primary Vendor — Product
Description | Published | CVSS Score | Source & Patch Info
N/A — N/A
 
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.) | 2024-02-29 | 2.4 | CVE-2023-49337
apache_software_foundation — apache_camel
 
Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | 2024-02-26 | 2.9 | CVE-2024-22371
decidim — decidim
 
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components. | 2024-02-29 | 3.1 | CVE-2023-47634
dell — secure_connect_gateway_(scg)_5.0_appliance_-_srs
 
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | 2024-03-01 | 3.7 | CVE-2024-22458
hcl_software — bigfix_platform
 
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in a webpage in an attempt to retrieve cookie-stored information. This is not the same vulnerability as identified in CVE-2023-37530. | 2024-02-29 | 3 | CVE-2023-37529
hcl_software — bigfix_platform
 
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in a webpage in an attempt to retrieve cookie-stored information. | 2024-02-29 | 3 | CVE-2023-37530
hcl_software — bigfix_platform
 
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access. | 2024-02-29 | 3.3 | CVE-2023-37531
hcl_software — hcl_sametime_chat
 
Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data. | 2024-02-23 | 3.9 | CVE-2023-37540
hyper — cdcatalog
 
A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-252681 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-29 | 3.3 | CVE-2024-1191
lg_electronics — lg_signage_tv
 
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | 2024-02-26 | 3 | CVE-2024-1886
linux — linux
 
A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to SQL injection. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-23 | 3.9 | CVE-2024-1784
mattermost — mattermost
 
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts’ contents in channels they are not a member of. | 2024-02-29 | 3.1 | CVE-2024-1952
mattermost — mattermost
 
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled. | 2024-02-29 | 3.1 | CVE-2024-23488
mattermost — mattermost
 
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts’ contents via carefully timed post creation while another user deletes posts. | 2024-02-29 | 2.6 | CVE-2024-1949
n/a — keycloak-core
 
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in. | 2024-02-29 | 3.7 | CVE-2024-1722
phpgurukul — tourism_management_system
 
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability. | 2024-02-23 | 2.4 | CVE-2024-1822
sourcecodester — barangay_population_monitoring_system
 
A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255380. | 2024-03-01 | 3.5 | CVE-2024-2065
sourcecodester — computer_inventory_system

A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability. | 2024-03-01 | 3.5 | CVE-2024-2070
sourcecodester — computer_inventory_system
 
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383. | 2024-03-01 | 3.5 | CVE-2024-2068
sourcecodester — computer_inventory_system
 
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255381 was assigned to this vulnerability. | 2024-03-01 | 2.4 | CVE-2024-2066
sourcecodester — daily_habit_tracker

A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391. | 2024-03-01 | 3.5 | CVE-2024-2075
sourcecodester — employee_management_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability. | 2024-02-26 | 3.5 | CVE-2024-1871
sourcecodester — faq_management_system
 
A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack may be launched remotely. VDB-255386 is the identifier assigned to this vulnerability. | 2024-03-01 | 3.5 | CVE-2024-2071
sourcecodester — flashcard_quiz_app
 
A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255387. | 2024-03-01 | 3.5 | CVE-2024-2072
sourcecodester — online_job_portal
 
A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254854 is the identifier assigned to this vulnerability. | 2024-02-27 | 3.5 | CVE-2024-1919
sourcecodester — online_job_portal
 
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254857 was assigned to this vulnerability. | 2024-02-27 | 3.5 | CVE-2024-1922
sourcecodester — online_job_portal
 
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255128. | 2024-02-28 | 3.5 | CVE-2024-1972
sourcecodester — petrol_pump_management_software
 
A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability. | 2024-03-01 | 2.4 | CVE-2024-2063
sourcecodester — simple_student_attendance_system

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability. | 2024-02-23 | 3.5 | CVE-2024-1834
south_river — webdrive
 
A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-29 | 3.3 | CVE-2024-1192
vyperlang — vyper
 
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. When using the built-in `extract32(b, start)`, if the `start` index provided has the side effect of updating `b`, the byte array to extract `32` bytes from, some dirty memory may be read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. | 2024-02-26 | 3.7 | CVE-2024-24564
vyperlang — vyper
 
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitation of contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions. | 2024-02-26 | 3.7 | CVE-2024-26149
wp_media — backwpup_–_wordpress_backup_plugin
 
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the password input field in the UI or from the options table where the password is stored. | 2024-02-26 | 2.2 | CVE-2023-5775


Severity Not Yet Assigned

Primary Vendor — Product
Description | Published | CVSS Score | Source & Patch Info
N/A — N/A
 
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 2024-02-26 | not yet calculated | CVE-2019-25161
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33072
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33084
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33085
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33099
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33100
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33102
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33109
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33111
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33112
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33116
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33121
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33125
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33127
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33131
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33132
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33133
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33134
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33136
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33138
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33140
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33141
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33142
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33143
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33144
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33145
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33146
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33148
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33151
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33152
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33153
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33154
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33156
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33157
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33158
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33160
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33161
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33162
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33163
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33165
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-33167
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-37405
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-3885
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41851
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41852
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41853
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41854
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41855
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41856
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41857
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41858
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41859
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-41860
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-43351
N/A — N/A
 
Rejected reason: This is unused. | 2024-02-23 | not yet calculated | CVE-2021-44457
N/A — N/A
 
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution. | 2024-02-29 | not yet calculated | CVE-2022-34269
N/A — N/A
 
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager. | 2024-02-29 | not yet calculated | CVE-2022-34270
N/A — N/A
 
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document. | 2024-02-29 | not yet calculated | CVE-2022-36677
N/A — N/A
 
openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field. | 2024-02-29 | not yet calculated | CVE-2023-27151
N/A — N/A
 
In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the “any” type, which may have unexpected results for access control. | 2024-02-29 | not yet calculated | CVE-2023-34198
N/A — N/A
 
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script. | 2024-02-26 | not yet calculated | CVE-2023-36237
N/A — N/A
 
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft. | 2024-02-29 | not yet calculated | CVE-2023-41165
N/A — N/A
 
An arbitrary file upload vulnerability in the Update/Edit Student’s Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2024-02-27 | not yet calculated | CVE-2023-41506
N/A — N/A
 
An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics. | 2024-02-29 | not yet calculated | CVE-2023-43769
N/A — N/A
 
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don’t check permissions properly, allowing authenticated users to access data stored in the cluster.2024-02-28not yet calculatedCVE-2023-45859
N/A — N/A
 
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exit) because of the OOM killer.2024-02-28not yet calculatedCVE-2023-45873
N/A — N/A
 
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).2024-02-29not yet calculatedCVE-2023-45874
N/A — N/A
 
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.2024-03-01not yet calculatedCVE-2023-46950
N/A — N/A
 
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.2024-03-01not yet calculatedCVE-2023-46951
N/A — N/A
 
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.2024-02-29not yet calculatedCVE-2023-48650
N/A — N/A
 
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.2024-02-29not yet calculatedCVE-2023-48651
N/A — N/A
 
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.2024-02-29not yet calculatedCVE-2023-48653
N/A — N/A
 
Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.2024-02-28not yet calculatedCVE-2023-49338
N/A — N/A
 
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter.2024-03-01not yet calculatedCVE-2023-49539
N/A — N/A
 
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter.2024-03-01not yet calculatedCVE-2023-49540
N/A — N/A
 
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.2024-03-01not yet calculatedCVE-2023-49543
N/A — N/A
 
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php.2024-03-01not yet calculatedCVE-2023-49544
N/A — N/A
 
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.2024-03-01not yet calculatedCVE-2023-49545
N/A — N/A
 
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.2024-02-29not yet calculatedCVE-2023-49930
N/A — N/A
 
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.2024-02-29not yet calculatedCVE-2023-49931
N/A — N/A
 
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.2024-02-29not yet calculatedCVE-2023-49932
N/A — N/A
 
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/start_update endpoint.2024-02-26not yet calculatedCVE-2023-49959
N/A — N/A
 
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint.2024-02-26not yet calculatedCVE-2023-49960
N/A — N/A
 
Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8. Impact: as this is a stored XSS, it could be exploited to perform unauthorized actions, ranging from data access to session hijacking and delivery of malicious payloads. Users are recommended to upgrade to version 2.7.8, which fixes this issue.2024-03-01not yet calculatedCVE-2023-50378
N/A — N/A
 
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.2024-02-29not yet calculatedCVE-2023-50436
N/A — N/A
 
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.2024-02-29not yet calculatedCVE-2023-50437
N/A — N/A
 
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.2024-02-29not yet calculatedCVE-2023-50658
N/A — N/A
 
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.2024-02-29not yet calculatedCVE-2023-51773
N/A — N/A
 
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.2024-02-29not yet calculatedCVE-2023-51774
N/A — N/A
 
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.2024-02-29not yet calculatedCVE-2023-51775
N/A — N/A
 
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.2024-02-29not yet calculatedCVE-2023-51779
N/A — N/A
 
Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter.2024-02-29not yet calculatedCVE-2023-51800
N/A — N/A
 
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages.2024-02-29not yet calculatedCVE-2023-51801
N/A — N/A
 
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.2024-02-29not yet calculatedCVE-2023-51802
N/A — N/A
 
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.2024-02-29not yet calculatedCVE-2023-51835
N/A — N/A
 
Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.2024-02-28not yet calculatedCVE-2023-52047
N/A — N/A
 
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/.2024-02-28not yet calculatedCVE-2023-52048
N/A — N/A
 
In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.2024-03-01not yet calculatedCVE-2023-52555
N/A — N/A
 
Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.2024-02-28not yet calculatedCVE-2024-22532
N/A — N/A
 
An issue discovered in Linksys Router E1700 1.0.04 (build 3) allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.2024-02-27not yet calculatedCVE-2024-22543
N/A — N/A
 
An issue discovered in Linksys Router E1700 version 1.0.04 (build 3) allows authenticated attackers to execute arbitrary code via the setDateTime function.2024-02-27not yet calculatedCVE-2024-22544
N/A — N/A
 
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the “media_folder” parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the ‘media/’ directory) to access sensitive files in other parts of the application’s file system.2024-02-28not yet calculatedCVE-2024-22723
N/A — N/A
 
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.2024-02-29not yet calculatedCVE-2024-22871
N/A — N/A
 
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request.2024-02-26not yet calculatedCVE-2024-22873
N/A — N/A
 
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.2024-03-01not yet calculatedCVE-2024-22891
N/A — N/A
 
SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.2024-02-27not yet calculatedCVE-2024-22917
N/A — N/A
 
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter.2024-02-29not yet calculatedCVE-2024-22936
N/A — N/A
 
Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.2024-02-29not yet calculatedCVE-2024-22939
N/A — N/A
 
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.2024-02-28not yet calculatedCVE-2024-22983
N/A — N/A
 
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.2024-02-29not yet calculatedCVE-2024-23052
N/A — N/A
 
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.2024-02-29not yet calculatedCVE-2024-23302
N/A — N/A
 
SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists.2024-02-27not yet calculatedCVE-2024-24027
N/A — N/A
 
Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.2024-02-27not yet calculatedCVE-2024-24095
N/A — N/A
 
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.2024-02-27not yet calculatedCVE-2024-24096
N/A — N/A
 
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.2024-02-27not yet calculatedCVE-2024-24099
N/A — N/A
 
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.2024-02-27not yet calculatedCVE-2024-24100
N/A — N/A
 
A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.2024-02-29not yet calculatedCVE-2024-24146
N/A — N/A
 
A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.2024-02-29not yet calculatedCVE-2024-24147
N/A — N/A
 
A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.2024-02-28not yet calculatedCVE-2024-24148
N/A — N/A
 
A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.2024-02-29not yet calculatedCVE-2024-24149
N/A — N/A
 
A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.2024-02-29not yet calculatedCVE-2024-24150
N/A — N/A
 
Bento4 v1.5.1-628 contains a memory leak in AP4_Movie::AP4_Movie: tracks are parsed and added to the m_Tracks list, but mp42aac does not delete them correctly when a "no audio track found" error occurs. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.2024-02-29not yet calculatedCVE-2024-24155
N/A — N/A
 
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.2024-02-29not yet calculatedCVE-2024-24246
N/A — N/A
 
SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.2024-02-27not yet calculatedCVE-2024-24323
N/A — N/A
 
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.2024-02-26not yet calculatedCVE-2024-24401
N/A — N/A
 
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.2024-02-26not yet calculatedCVE-2024-24402
N/A — N/A
 
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.2024-03-01not yet calculatedCVE-2024-24511
N/A — N/A
 
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.2024-03-01not yet calculatedCVE-2024-24512
N/A — N/A
 
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.2024-02-29not yet calculatedCVE-2024-24525
N/A — N/A
 
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.2024-02-26not yet calculatedCVE-2024-24528
N/A — N/A
 
An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker.2024-02-27not yet calculatedCVE-2024-24720
N/A — N/A
 
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel.2024-02-27not yet calculatedCVE-2024-24721
N/A — N/A
 
XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.2024-02-29not yet calculatedCVE-2024-25006
N/A — N/A
 
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.2024-02-26not yet calculatedCVE-2024-25081
N/A — N/A
 
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.2024-02-26not yet calculatedCVE-2024-25082
N/A — N/A
 
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.2024-02-27not yet calculatedCVE-2024-25166
N/A — N/A
 
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.2024-02-28not yet calculatedCVE-2024-25169
N/A — N/A
 
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.2024-02-28not yet calculatedCVE-2024-25170
N/A — N/A
 
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path ‘/pdf’.2024-02-29not yet calculatedCVE-2024-25180
N/A — N/A
 
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.2024-02-28not yet calculatedCVE-2024-25202
N/A — N/A
 
SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.2024-02-26not yet calculatedCVE-2024-25247
N/A — N/A
 
SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.2024-02-26not yet calculatedCVE-2024-25248
N/A — N/A
 
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.2024-02-29not yet calculatedCVE-2024-25262
N/A — N/A
 
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.2024-02-29not yet calculatedCVE-2024-25291
N/A — N/A
 
Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.2024-02-29not yet calculatedCVE-2024-25292
N/A — N/A
 
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.2024-03-01not yet calculatedCVE-2024-25293
N/A — N/A
 
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php, settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.2024-02-26not yet calculatedCVE-2024-25344
N/A — N/A
 
SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.2024-02-28not yet calculatedCVE-2024-25350
N/A — N/A
 
SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.2024-02-28not yet calculatedCVE-2024-25351
N/A — N/A
 
Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.2024-03-01not yet calculatedCVE-2024-25386
N/A — N/A
 
In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service.2024-02-27not yet calculatedCVE-2024-25398
N/A — N/A
 
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.2024-02-27not yet calculatedCVE-2024-25399
N/A — N/A
 
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.2024-02-27not yet calculatedCVE-2024-25400
N/A — N/A
 
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.2024-02-26not yet calculatedCVE-2024-25410
N/A — N/A
 
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.2024-02-28not yet calculatedCVE-2024-25422
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter.2024-03-01not yet calculatedCVE-2024-25434
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.2024-02-28not yet calculatedCVE-2024-25435
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.2024-03-01not yet calculatedCVE-2024-25436
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.2024-03-01not yet calculatedCVE-2024-25438
N/A — N/A
 
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2024-03-01not yet calculatedCVE-2024-25553
N/A — N/A
 
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2024-03-01not yet calculatedCVE-2024-25554
N/A — N/A
 
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.2024-02-27not yet calculatedCVE-2024-25711
N/A — N/A
 
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.2024-02-29not yet calculatedCVE-2024-25712
N/A — N/A
 
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)2024-02-29not yet calculatedCVE-2024-25713
N/A — N/A
 
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.2024-02-27not yet calculatedCVE-2024-25723
N/A — N/A
 
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.2024-02-26not yet calculatedCVE-2024-25751
N/A — N/A
 
openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.2024-02-26not yet calculatedCVE-2024-25763
N/A — N/A
 
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.2024-02-26not yet calculatedCVE-2024-25767
N/A — N/A
 
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.2024-02-26not yet calculatedCVE-2024-25768
N/A — N/A
 
libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.2024-02-26not yet calculatedCVE-2024-25770
N/A — N/A
 
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.2024-02-29not yet calculatedCVE-2024-25830
N/A — N/A
 
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.2024-02-29not yet calculatedCVE-2024-25831
N/A — N/A
 
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.2024-02-29not yet calculatedCVE-2024-25832
N/A — N/A
 
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.2024-02-29not yet calculatedCVE-2024-25833
N/A — N/A
 
In the module “Account Manager | Sales Representative & Dealers | CRM” (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.2024-02-27not yet calculatedCVE-2024-25840
N/A — N/A
 
In the module “So Flexibilite” (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.2024-02-27not yet calculatedCVE-2024-25841
N/A — N/A
 
In the module “Import/Update Bulk Product from any Csv/Excel File Pro” (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.2024-02-27not yet calculatedCVE-2024-25843
N/A — N/A
 
In the module “Product Catalog (CSV, Excel) Import” (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.2024-02-27not yet calculatedCVE-2024-25846
N/A — N/A
 
A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to take over user accounts and execute arbitrary code.2024-02-28not yet calculatedCVE-2024-25859
N/A — N/A
 
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function.2024-03-02not yet calculatedCVE-2024-25865
N/A — N/A
 
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.2024-02-28not yet calculatedCVE-2024-25866
N/A — N/A
 
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.2024-02-28not yet calculatedCVE-2024-25867
N/A — N/A
 
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component.2024-02-28not yet calculatedCVE-2024-25868
N/A — N/A
 
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.2024-02-28not yet calculatedCVE-2024-25869
N/A — N/A
 
A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.2024-02-28not yet calculatedCVE-2024-26342
N/A — N/A
 
Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a remote attacker to escalate privileges via the batch function on the admin page.2024-02-28not yet calculatedCVE-2024-26450
N/A — N/A
 
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.2024-02-26not yet calculatedCVE-2024-26455
N/A — N/A
 
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.2024-02-29not yet calculatedCVE-2024-26458
N/A — N/A
 
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.2024-02-29not yet calculatedCVE-2024-26461
N/A — N/A
 
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.2024-02-29not yet calculatedCVE-2024-26462
N/A — N/A
 
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.2024-02-27not yet calculatedCVE-2024-26464
N/A — N/A
 
A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary JavaScript via sending a crafted URL. | 2024-02-26 | not yet calculated | CVE-2024-26465
N/A — N/A
 
A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary JavaScript via sending a crafted URL. | 2024-02-26 | not yet calculated | CVE-2024-26466
N/A — N/A
 
A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript via sending a crafted URL. | 2024-02-26 | not yet calculated | CVE-2024-26467
N/A — N/A
 
A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary JavaScript via sending a crafted URL. | 2024-02-26 | not yet calculated | CVE-2024-26468
N/A — N/A
 
A host header injection vulnerability in the forgot password function of FullStackHero’s WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. | 2024-02-29 | not yet calculated | CVE-2024-26470
N/A — N/A
 
A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. | 2024-02-29 | not yet calculated | CVE-2024-26471
N/A — N/A
 
A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the selector or validator parameters in offer.php. | 2024-02-29 | not yet calculated | CVE-2024-26472
N/A — N/A
 
A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php. | 2024-02-29 | not yet calculated | CVE-2024-26473
N/A — N/A
 
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. | 2024-02-28 | not yet calculated | CVE-2024-26476
N/A — N/A
 
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field. | 2024-02-27 | not yet calculated | CVE-2024-26542
N/A — N/A
 
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component. | 2024-02-29 | not yet calculated | CVE-2024-26548
N/A — N/A
 
An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. | 2024-02-28 | not yet calculated | CVE-2024-26559
N/A — N/A
 
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt. | 2024-02-26 | not yet calculated | CVE-2024-27350
N/A — N/A
 
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560. | 2024-03-01 | not yet calculated | CVE-2024-27354
N/A — N/A
 
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID). | 2024-03-01 | not yet calculated | CVE-2024-27355
N/A — N/A
 
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203. | 2024-02-27 | not yet calculated | CVE-2024-27356
N/A — N/A
 
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | 2024-02-26 | not yet calculated | CVE-2024-27359
N/A — N/A
 
langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by pal_chain/base.py. | 2024-02-26 | not yet calculated | CVE-2024-27444
N/A — N/A
 
pretix before 2024.1.1 mishandles file validation. | 2024-02-26 | not yet calculated | CVE-2024-27447
N/A — N/A
 
In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user’s ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.02.03 and Assetwise Information Integrity Server 23.00.04.04. | 2024-02-26 | not yet calculated | CVE-2024-27455
N/A — N/A
 
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. | 2024-02-26 | not yet calculated | CVE-2024-27456
N/A — N/A
 
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. | 2024-03-01 | not yet calculated | CVE-2024-27497
N/A — N/A
 
Bagisto v1.5.1 is vulnerable to Cross Site Scripting (XSS) via a png file upload in the product review option. | 2024-03-01 | not yet calculated | CVE-2024-27499
N/A — N/A
 
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp. | 2024-02-27 | not yet calculated | CVE-2024-27507
N/A — N/A
 
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. | 2024-02-27 | not yet calculated | CVE-2024-27508
N/A — N/A
 
Osclass 5.1.2 is vulnerable to SQL Injection. | 2024-02-28 | not yet calculated | CVE-2024-27515
N/A — N/A
 
livehelperchat 4.28v is vulnerable to Server-Side Template Injection (SSTI). | 2024-02-29 | not yet calculated | CVE-2024-27516
N/A — N/A
 
Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions. | 2024-02-29 | not yet calculated | CVE-2024-27517
N/A — N/A
 
Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings. | 2024-03-01 | not yet calculated | CVE-2024-27558
N/A — N/A
 
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php. | 2024-03-01 | not yet calculated | CVE-2024-27559
N/A — N/A
 
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-03-01 | not yet calculated | CVE-2024-27567
N/A — N/A
 
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-03-01 | not yet calculated | CVE-2024-27568
N/A — N/A
 
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-03-01 | not yet calculated | CVE-2024-27569
N/A — N/A
 
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-03-01 | not yet calculated | CVE-2024-27570
N/A — N/A
 
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-03-01 | not yet calculated | CVE-2024-27571
N/A — N/A
 
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-03-01 | not yet calculated | CVE-2024-27572
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | 2024-02-29 | not yet calculated | CVE-2024-27655
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | 2024-02-29 | not yet calculated | CVE-2024-27656
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | 2024-02-29 | not yet calculated | CVE-2024-27657
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2024-02-29 | not yet calculated | CVE-2024-27658
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2024-02-29 | not yet calculated | CVE-2024-27659
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereference in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2024-02-29 | not yet calculated | CVE-2024-27660
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2024-02-29 | not yet calculated | CVE-2024-27661
N/A — N/A
 
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereference in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2024-02-29 | not yet calculated | CVE-2024-27662
N/A — N/A
 
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. | 2024-03-01 | not yet calculated | CVE-2024-27689
N/A — N/A
 
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. | 2024-03-01 | not yet calculated | CVE-2024-27734
N/A — N/A
 
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component. | 2024-03-01 | not yet calculated | CVE-2024-27743
N/A — N/A
 
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. | 2024-03-01 | not yet calculated | CVE-2024-27744
N/A — N/A
 
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component. | 2024-03-01 | not yet calculated | CVE-2024-27746
N/A — N/A
 
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. | 2024-03-01 | not yet calculated | CVE-2024-27747
N/A — N/A
 
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. | 2024-02-28 | not yet calculated | CVE-2024-27913
acronis — acronis_cyber_protect_16
 
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | 2024-02-27 | not yet calculated | CVE-2023-48678
acronis — acronis_cyber_protect_16
 
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | 2024-02-27 | not yet calculated | CVE-2023-48679
acronis — acronis_cyber_protect_16
 
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | 2024-02-27 | not yet calculated | CVE-2023-48680
acronis — acronis_cyber_protect_16
 
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | 2024-02-27 | not yet calculated | CVE-2023-48681
acronis — acronis_cyber_protect_16
 
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | 2024-02-27 | not yet calculated | CVE-2023-48682
apache_software_foundation — apache_airflow
 
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. | 2024-03-01 | not yet calculated | CVE-2024-26280
apache_software_foundation — apache_airflow
 
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. | 2024-02-29 | not yet calculated | CVE-2024-27906
apache_software_foundation — apache_ambari
 
Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host. | 2024-02-27 | not yet calculated | CVE-2023-50379
apache_software_foundation — apache_ambari
 
XML External Entity injection in Apache Ambari versions <= 2.7.7. Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges. | 2024-02-27 | not yet calculated | CVE-2023-50380
apache_software_foundation — apache_dolphinscheduler
 
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn’t fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | 2024-02-23 | not yet calculated | CVE-2024-23320
apache_software_foundation — apache_james_mime4j
 
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. | 2024-02-27 | not yet calculated | CVE-2024-21742
apache_software_foundation — apache_james_server
 
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally. We recommend users to:
  – Upgrade to a non-vulnerable Apache James version
  – Run Apache James isolated from other processes (docker – dedicated virtual machine)
  – If possible turn off JMX

2024-02-27 | not yet calculated | CVE-2023-51518
apache_software_foundation — apache_james_server
 
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions. | 2024-02-27 | not yet calculated | CVE-2023-51747
apache_software_foundation — apache_ofbiz
 
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | 2024-02-29 | not yet calculated | CVE-2024-23946
apache_software_foundation — apache_ofbiz
 
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | 2024-02-29 | not yet calculated | CVE-2024-25065
apache_software_foundation — apache_xerces_c++

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4. | 2024-02-29 | not yet calculated | CVE-2024-23807
crmeb — crmeb
 
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. | 2024-02-23 | not yet calculated | CVE-2024-25469
elecom_co.,ltd. — wrc-1167gs2-b
 
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier. | 2024-02-28 | not yet calculated | CVE-2024-21798
elecom_co.,ltd. — wrc-1167gs2-b
 
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier. | 2024-02-28 | not yet calculated | CVE-2024-23910
elecom_co.,ltd. — wrc-1167gs2-b
 
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier. | 2024-02-28 | not yet calculated | CVE-2024-25579
freescout-helpdesk — freescout-helpdesk/freescout
 
Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout. | 2024-02-28 | not yet calculated | CVE-2024-1932
google — chrome
 
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-29 | not yet calculated | CVE-2024-1938
google — chrome
 
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-29 | not yet calculated | CVE-2024-1939
hitron — coda
 
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a “Hitron” substring, resulting in insufficient entropy (only about one million possibilities). | 2024-02-23 | not yet calculated | CVE-2024-25730
hp_inc. — hp_designjet
 
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. | 2024-03-01 | not yet calculated | CVE-2024-1869
hp_inc. — hp_thinpro_8.0
 
Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities. | 2024-03-01 | not yet calculated | CVE-2024-1174
j’s_communications_co.,_ltd. — revoworks_scvx
 
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using ‘VirusChecker’ or ‘ThreatChecker’ feature) and RevoWorks Browser prior to 2.2.95 (when using ‘VirusChecker’ or ‘ThreatChecker’ feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment. | 2024-03-01 | not yet calculated | CVE-2024-25091
joomla!_project — joomla!_cms
 
The MFA management features did not properly terminate existing user sessions when a user’s MFA methods have been modified. | 2024-02-29 | not yet calculated | CVE-2024-21722
joomla!_project — joomla!_cms
 
Inadequate parsing of URLs could result in an open redirect. | 2024-02-29 | not yet calculated | CVE-2024-21723
joomla!_project — joomla!_cms
 
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions. | 2024-02-29 | not yet calculated | CVE-2024-21724
joomla!_project — joomla!_cms
 
Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components. | 2024-02-29 | not yet calculated | CVE-2024-21725
joomla!_project — joomla!_cms
 
Inadequate content filtering leads to XSS vulnerabilities in various components. | 2024-02-29 | not yet calculated | CVE-2024-21726
langchain-ai — langchain-ai/chat-langchain
 
Cross-site Scripting (XSS) – DOM in GitHub repository langchain-ai/chat-langchain prior to 0.0.0. | 2024-03-02 | not yet calculated | CVE-2024-0968
langchain-ai — langchain-ai/langchain
 
With the following crawler configuration:

```python
from bs4 import BeautifulSoup as Soup
# Import added so the snippet runs; module path as in the source link below.
from langchain_community.document_loaders import RecursiveUrlLoader

url = "https://example.com"
loader = RecursiveUrlLoader(
    url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text
)
docs = loader.load()
```

An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like “https://example.completely.different/my_file.html” and the crawler would proceed to download that file as well even though `prevent_outside=True`.

https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51

Resolved in https://github.com/langchain-ai/langchain/pull/15559 | 2024-02-26 | not yet calculated | CVE-2024-0243
leo_khoa — laragon
 
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. | 2024-02-29 | not yet calculated | CVE-2024-0864
linux — linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it’s actually a SoundWire controller. This can lead to issues where the graph walk continues and eventually fails, but the pointer was set already. This patch changes the logic so that the information provided to the caller is set when a controller is found. | 2024-02-27 | not yet calculated | CVE-2021-46926
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If userland provided an eventfd along with function’s USB descriptors, it ends up calling eventfd_ctx_put as many times, causing a refcount underflow. NULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls. Also, set epfiles to NULL right after de-allocating it, for readability. For completeness, ffs_data_clear actually ends up being called thrice, the last call being before the whole ffs structure gets freed, so when this specific sequence happens there is a second underflow happening (but not being reported):
/sys/kernel/debug/tracing# modprobe usb_f_fs
/sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter
/sys/kernel/debug/tracing# echo function > current_tracer
/sys/kernel/debug/tracing# echo 1 > tracing_on
(setup gadget, run and kill function userland process, teardown gadget)
/sys/kernel/debug/tracing# echo 0 > tracing_on
/sys/kernel/debug/tracing# cat trace
smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear <-ffs_data_closed
smartcard-openp-431 [000] ..... 1946.279147: ffs_data_clear <-ffs_data_closed
smartcard-openp-431 [000] .n... 1946.905512: ffs_data_clear <-ffs_data_put
Warning output corresponding to above trace:
[ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c
[ 1946.293094] refcount_t: underflow; use-after-free.
[ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E)
[ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G C OE 5.15.0-1-rpi #1 Debian 5.15.3-1
[ 1946.417950] Hardware name: BCM2835
[ 1946.425442] Backtrace:
[ 1946.432048] [<c08d60a0>] (dump_backtrace) from [<c08d62ec>] (show_stack+0x20/0x24)
[ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c
[ 1946.458412] [<c08d62cc>] (show_stack) from [<c08d9ae0>] (dump_stack+0x28/0x30)
[ 1946.470380] [<c08d9ab8>] (dump_stack) from [<c0123500>] (__warn+0xe8/0x154)
[ 1946.482067] r5:c04a948c r4:c0a71dc8
[ 1946.490184] [<c0123418>] (__warn) from [<c08d6948>] (warn_slowpath_fmt+0xa0/0xe4)
[ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04
[ 1946.517070] [<c08d68ac>] (warn_slowpath_fmt) from [<c04a948c>] (refcount_warn_saturate+0x110/0x15c)
[ 1946.535309] r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0
[ 1946.546708] [<c04a937c>] (refcount_warn_saturate) from [<c0380134>] (eventfd_ctx_put+0x48/0x74)
[ 1946.564476] [<c03800ec>] (eventfd_ctx_put) from [<bf5464e8>] (ffs_data_clear+0xd0/0x118 [usb_f_fs])
[ 1946.582664] r5:c3b84c00 r4:c2695b00
[ 1946.590668] [<bf546418>] (ffs_data_clear [usb_f_fs]) from [<bf547cc0>] (ffs_data_closed+0x9c/0x150 [usb_f_fs])
[ 1946.609608] r5:bf54d014 r4:c2695b00
[ 1946.617522] [<bf547c24>] (ffs_data_closed [usb_f_fs]) from [<bf547da0>] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs])
[ 1946.636217] r7:c0dfcb —truncated—
2024-02-27 | not yet calculated | CVE-2021-46933
linux — linux
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix shared sqpoll cancellation hangs
[ 736.982891] INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds.
[ 736.982897] Call Trace:
[ 736.982901] schedule+0x68/0xe0
[ 736.982903] io_uring_cancel_sqpoll+0xdb/0x110
[ 736.982908] io_sqpoll_cancel_cb+0x24/0x30
[ 736.982911] io_run_task_work_head+0x28/0x50
[ 736.982913] io_sq_thread+0x4e3/0x720
We call io_uring_cancel_sqpoll() one by one for each ctx either in sq_thread() itself or via task works, and it’s intended to cancel all requests of a specified context. However the function uses per-task counters to track the number of inflight requests, so it counts more requests than available via current io_uring ctx and goes to sleep for them to appear (e.g. from IRQ), that will never happen. Cancel a bit more than before, i.e. all ctxs that share sqpoll and continue to use shared counters. Don’t forget that we should not remove ctx from the list before running that task_work sqpoll-cancel, otherwise the function wouldn’t be able to find the context and will hang.
2024-02-27 | not yet calculated | CVE-2021-46942
linux — linux
In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping. The virtqueue doorbell is usually implemented via registers but we don’t provide the necessary vma->flags like VM_PFNMAP. This may cause several issues e.g. when userspace tries to map the doorbell via vhost IOTLB, kernel may panic due to the page is not backed by page structure. This patch fixes this by setting the necessary vm_flags. With this patch, try to map doorbell via IOTLB will fail with bad address.
2024-02-27 | not yet calculated | CVE-2021-46967
linux — linux
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix zcard and zqueue hot-unplug memleak. Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with get/put for the embedded kref counter. This fix now adjusts the handling of the kref counters. With init the kref counter starts with 1. This initial value needs to drop to zero with the unregister of the card or queue to trigger the release and free the object.
2024-02-27 | not yet calculated | CVE-2021-46968
linux — linux
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhi_queue. mhi_queue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up prior ringing the DB. This case is managed earlier by triggering an asynchronous M3 exit via controller resume/suspend callbacks, that in turn will cause M0 transition and DB update. So, since it’s not an error but just delaying of doorbell update, there is no reason to return an error. This also fixes a use after free error for skb case, indeed a caller queuing skb will try to free the skb if the queueing fails, but in that case queueing has been done.
2024-02-27 | not yet calculated | CVE-2021-46969
linux — linux
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call. Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that doesn’t matter in case of the Lockdown LSM, it causes trouble with the SELinux’s lockdown hook implementation. SELinux implements the locked_down hook with a check whether the current task’s type has the corresponding “lockdown” class permission (“integrity” or “confidentiality”) allowed in the policy. This means that calling the hook when the access control decision would be ignored generates a bogus permission check and audit record. Fix this by checking sample_type first and only calling the hook when its result would be honored.
2024-02-27 | not yet calculated | CVE-2021-46971
linux — linux
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disable preemption when probing user return MSRs. Disable preemption when probing a user return MSR via RDMSR/WRMSR. If the MSR holds a different value per logical CPU, the WRMSR could corrupt the host’s value if KVM is preempted between the RDMSR and WRMSR, and then rescheduled on a different CPU. Opportunistically land the helper in common x86, SVM will use the helper in a future commit.
2024-02-28 | not yet calculated | CVE-2021-46977
linux — linux
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering. After a reconnect, the reply handler is opening the cwnd (and thus enabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs() can post enough Receive WRs to receive their replies. This causes an RNR and the new connection is lost immediately. The race is most clearly exposed when KASAN and disconnect injection are enabled. This slows down rpcrdma_rep_create() enough to allow the send side to post a bunch of RPC Calls before the Receive completion handler can invoke ib_post_recv().
2024-02-28 | not yet calculated | CVE-2021-47001
linux — linux
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix tx skb dma unmap. The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries.
2024-02-28 | not yet calculated | CVE-2021-47032
linux — linux
In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses. There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarrassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you’ll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn’t exist before Linux v4.8.
2024-02-26 | not yet calculated | CVE-2019-25160
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free. Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag]
2024-02-26 | not yet calculated | CVE-2019-25162
linux — linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock. Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like we did in f2fs_write_single_data_page().
2024-02-26 | not yet calculated | CVE-2020-36775
linux — linux
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreq_cooling: Fix slab OOB issue. Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index. Return the lowest frequency if limited power cannot find a suitable OPP in EM table to fix this issue.
Backtrace:
[<ffffffd02d2a37f0>] die+0x104/0x5ac
[<ffffffd02d2a5630>] bug_handler+0x64/0xd0
[<ffffffd02d288ce4>] brk_handler+0x160/0x258
[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0
[<ffffffd02d284488>] el1_dbg+0x14/0xbc
[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0
[<ffffffd02d75c2e0>] kasan_report+0x10/0x20
[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28
[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c
[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4
[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0
[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4
[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294
[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154
[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28
[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac
[<ffffffd02d360124>] kthread+0x33c/0x358
[<ffffffd02d289940>] ret_from_fork+0xc/0x18
2024-02-27 | not yet calculated | CVE-2020-36776
linux — linux
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free(). dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: “The media_entity instance itself must be freed explicitly by the driver if required.”
2024-02-27 | not yet calculated | CVE-2020-36777
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in xiic_xfer and xiic_i2c_remove. However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36778
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in these stm32f7_i2c_xx series functions. However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36779
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in sprd_i2c_master_xfer() and sprd_i2c_remove(). However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36780
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails. In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not expected to be incremented on return. However, pm_runtime_get_sync will increment pm reference count even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36781
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36782
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in functions img_i2c_xfer and img_i2c_init. However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36783
linux — linux
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even when it fails. Forgetting the put operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
2024-02-28 | not yet calculated | CVE-2020-36784
linux — linux
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs(). The “s3a_buf” is freed along with all the other items on the “asd->s3a_stats” list. It leads to a double free and a use after free.
2024-02-28 | not yet calculated | CVE-2020-36785
linux — linux
In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash. In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an error return path that will free flash and rename labels fail2 to fail3 and fail1 to fail2.
2024-02-28 | not yet calculated | CVE-2020-36786
linux — linux
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic. Video engine uses eclk and vclk for its clock sources and its reset control is coupled with eclk so the current clock enabling sequence works like below.
Enable eclk
De-assert Video Engine reset
10ms delay
Enable vclk
It introduces improper reset on the Video Engine hardware and eventually the hardware generates unexpected DMA memory transfers that can corrupt memory region in random and sporadic patterns. This issue is observed very rarely on some specific AST2500 SoCs but it causes a critical kernel panic with making a various shape of signature so it’s extremely hard to debug. Moreover, the issue is observed even when the video engine is not actively used because udevd turns on the video engine hardware for a short time to make a query in every boot. To fix this issue, this commit changes the clock handling logic to make the reset de-assertion triggered after enabling both eclk and vclk. Also, it adds clk_unprepare call for a case when probe fails.
clk: ast2600: fix reset settings for eclk and vclk. Video engine reset setting should be coupled with eclk to match it with the setting for previous Aspeed SoCs which is defined in clk-aspeed.c since all Aspeed SoCs are sharing a single video engine driver. Also, reset bit 6 is defined as ‘Video Engine’ reset in datasheet so it should be de-asserted when eclk is enabled. This commit fixes the setting.
2024-02-28 | not yet calculated | CVE-2020-36787
linux — linux
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration. Multiple ttys try to claim the same minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn’t assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similarly, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. Every obtain_minor() should have corresponding release_minor() call.
2024-02-26 | not yet calculated | CVE-2021-46904
linux — linux
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression. Commit 8a12f8836145 (“net: hso: fix null-ptr-deref during tty device unregistration”) fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().
2024-02-26 | not yet calculated | CVE-2021-46905
linux — linux
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl. In hid_submit_ctrl(), the way of calculating the report length doesn’t take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl() to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl().
2024-02-26 | not yet calculated | CVE-2021-46906
linux — linux
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Don’t use vcpu->run->internal.ndata as an array index. __vmx_handle_exit() uses vcpu->run->internal.ndata as an index for an array access. Since vcpu->run is (can be) mapped to a user address space with a writer permission, the ‘ndata’ could be updated by the user process at anytime (the user process can set it to outside the bounds of the array). So, it is not safe that __vmx_handle_exit() uses the ‘ndata’ that way.
2024-02-27 | not yet calculated | CVE-2021-46907
linux — linux
In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic. We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypass_spec_v1 flag instead of allow_ptr_leaks.
2024-02-27 | not yet calculated | CVE-2021-46908
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 (“PCI: Add a call to pci_assign_irq() in pci_device_probe()”), the PCI code will call the IRQ ma