US-CERT Vulnerability Summary for the Week of February 5, 2024

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
allegro_ai — clearml | Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. | 2024-02-06 | 9.8 | CVE-2024-24592
allegro_ai — clearml | A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks. | 2024-02-06 | 9.6 | CVE-2024-24593
allegro_ai — clearml | A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI. | 2024-02-06 | 9.9 | CVE-2024-24594
allegro_ai — clearml | Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with. | 2024-02-06 | 8 | CVE-2024-24590
allegro_ai — clearml | A path traversal vulnerability in version 1.4.0 or newer of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with. | 2024-02-06 | 8 | CVE-2024-24591
ampps — ampps | A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written. | 2024-02-02 | 7.5 | CVE-2024-1189
angular — angular | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | 2024-02-10 | 7.5 | CVE-2024-21490
apache_software_foundation — pulsar | Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ . | 2024-02-07 | 7.4 | CVE-2023-51437
apache_software_foundation — sling_servlets_resolver | Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | 2024-02-06 | 8.5 | CVE-2024-23673
apachefriends — xampp | A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | 2024-02-02 | 9.8 | CVE-2024-0338
artifex — mupdf | mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. | 2024-02-05 | 7.5 | CVE-2024-24258
artifex — mupdf | mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. | 2024-02-05 | 7.5 | CVE-2024-24259
automattic_inc — crowdsignal_dashboard_polls,_surveys_&_more | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. | 2024-02-10 | 7.1 | CVE-2023-51488
b&r_industrial_automation — automation_runtime | Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules). The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. This issue affects Automation Runtime: from 14.0 before 14.93. | 2024-02-05 | 9.8 | CVE-2024-0323
b&r_industrial_automation — automation_studio | Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | 2024-02-02 | 8.8 | CVE-2020-24681
b&r_industrial_automation — automation_studio | Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges. This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | 2024-02-02 | 7.8 | CVE-2020-24682
b&r_industrial_automation — automation_studio | Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 7.5 | CVE-2021-22281
b&r_industrial_automation — automation_studio | Improper Control of Generation of Code (‘Code Injection’) vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 7.8 | CVE-2021-22282
biteship — biteship_plugin_ongkos_kirim_kurir_instant_reguler_kargo | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. | 2024-02-05 | 7.1 | CVE-2024-24866
blurams — lumi_security_camera_a31c_firmware | An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 2024-02-02 | 9.8 | CVE-2023-50488
canon_inc — satera_lbp670c_series | Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6231
canon_inc — satera_lbp670c_series | Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6232
canon_inc — satera_lbp670c_series | Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6233
canon_inc — satera_lbp670c_series | Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6234
canon_inc — satera_mf750c_series | Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2024-0244
canon_inc — satera_lbp670c_series | Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6229
canon_inc — satera_lbp670c_series | Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6230
chendotjs — lotos_webserver | Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c. | 2024-02-05 | 7.5 | CVE-2024-24263
cisco — cisco_secure_endpoint | A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. | 2024-02-07 | 7.5 | CVE-2024-20290
cisco — cisco_telepresence_video_communication_server_(vcs)_expressway | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. | 2024-02-07 | 8.2 | CVE-2024-20255
cisco — multiple_products | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2024-02-07 | 9.6 | CVE-2024-20252
cisco — multiple_products | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2024-02-07 | 9.6 | CVE-2024-20254
composer — composer | Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar’s self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following: `rm vendor/composer/installed.php vendor/composer/InstalledVersions.php` and `composer install --no-scripts --no-plugins`. | 2024-02-09 | 8.8 | CVE-2024-24821
cpio — cpio | A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system. | 2024-02-05 | 8.8 | CVE-2023-7216
crafty_controller — crafty_controller | A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | 2024-02-03 | 7.5 | CVE-2024-1064
degamisu — open-irs | open-irs is an issue response robot that responds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets. | 2024-02-02 | 9.8 | CVE-2024-24757
dell — bsafe_crypto-c-micro-edition | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 2024-02-02 | 9.8 | CVE-2020-29504
dell — bsafe_micro-edition-suite | Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 2024-02-02 | 9.8 | CVE-2021-21575
dell — bsafe_ssl-j | Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-02 | 9.8 | CVE-2022-34381
dell — data_protection_search | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. | 2024-02-06 | 8.8 | CVE-2024-22433
dell — dell_display_manager | Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation | 2024-02-06 | 7.3 | CVE-2023-32451
dell — dell_power_manager_(dpm) | Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. | 2024-02-06 | 7.8 | CVE-2023-25543
diracgrid — dirac | DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 9.1 | CVE-2024-24825
emerson — rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 2024-02-09 | 8.3 | CVE-2023-51761
emerson_rosemount — multiple products | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-46687
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 8.6 | CVE-2024-23324
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23322
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23325
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23327
flusity — flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | 2024-02-05 | 8.8 | CVE-2024-24468
flusity — flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post.php. | 2024-02-05 | 8.8 | CVE-2024-24469
flusity — flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | 2024-02-02 | 8.8 | CVE-2024-24470
flusity — flusity | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | 2024-02-02 | 8.8 | CVE-2024-24524
fortinet — fortios/fortiproxy | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | 2024-02-09 | 9.8 | CVE-2024-21762
fortinet — fortisiem | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 2024-02-05 | 9.8 | CVE-2024-23108
fortinet — fortisiem | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 2024-02-05 | 9.8 | CVE-2024-23109
google — android | In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | 2024-02-05 | 9.8 | CVE-2024-20011
google — android | In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150. | 2024-02-05 | 8.8 | CVE-2024-20009
google — android | In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | 2024-02-05 | 7.5 | CVE-2024-20007
google — android | In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419. | 2024-02-05 | 7.8 | CVE-2024-20015
gpac — gpac | gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function. | 2024-02-05 | 7.5 | CVE-2024-24265
gpac — gpac | gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. | 2024-02-05 | 7.5 | CVE-2024-24266
gpac — gpac | gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. | 2024-02-05 | 7.5 | CVE-2024-24267
graphviz — graphviz | Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | 2024-02-02 | 7.8 | CVE-2023-46045
graylog2 — graylog2_server | Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using an HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog’s cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue. | 2024-02-07 | 8.8 | CVE-2024-24824
gttb — gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value. | 2024-02-02 | 9.8 | CVE-2024-22108
gttb — gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform. | 2024-02-02 | 7.2 | CVE-2024-22107
hashicorp — boundary | Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. | 2024-02-05 | 8 | CVE-2024-1052
hashicorp — nomad | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. | 2024-02-08 | 7.7 | CVE-2024-1329
ibm — cloud_pak_system | IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | 2024-02-02 | 7.5 | CVE-2023-38273
ibm — engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | 2024-02-09 | 7.5 | CVE-2023-45191
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | 2024-02-02 | 9.8 | CVE-2023-32333
ibm — operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | 2024-02-02 | 9.8 | CVE-2024-22319
ibm — operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. | 2024-02-02 | 8.8 | CVE-2024-22320
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130. | 2024-02-02 | 9.8 | CVE-2023-50940
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | 2024-02-02 | 8.8 | CVE-2023-50936
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | 2024-02-02 | 7.5 | CVE-2023-50326
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | 2024-02-02 | 7.5 | CVE-2023-50937
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | 2024-02-02 | 7.5 | CVE-2023-50939
ibm — security_access_manager_container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | 2024-02-07 | 7.5 | CVE-2023-38369
ibm — security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | 2024-02-07 | 9.8 | CVE-2023-32328
ibm — security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | 2024-02-07 | 9.8 | CVE-2023-32330
ibm — security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | 2024-02-07 | 7.2 | CVE-2023-43017
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. | 2024-02-03 | 9 | CVE-2023-31004
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. | 2024-02-03 | 7.5 | CVE-2023-30999
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | 2024-02-03 | 7.8 | CVE-2023-31005
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776. | 2024-02-03 | 7.5 | CVE-2023-31006
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. | 2024-02-03 | 7.1 | CVE-2023-32327
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | 2024-02-03 | 7.3 | CVE-2023-43016
ibm — soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. | 2024-02-02 | 8.8 | CVE-2023-38263
ibm — spectrum_protect_plus | IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | 2024-02-02 | 7.5 | CVE-2023-47148
ibm — storage_defender_ — resiliency_service | IBM Storage Defender – Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | 2024-02-10 | 8 | CVE-2023-50957
ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270. | 2024-02-02 | 9.8 | CVE-2023-47143
ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization’s local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | 2024-02-02 | 8.8 | CVE-2023-47142
icinga — icingaweb2_module_director | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. None of Icinga Director’s configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | 2024-02-09 | 8.3 | CVE-2024-24820
ireader — media-server | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c. | 2024-02-05 | 7.5 | CVE-2024-24260
ireader — media-server | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | 2024-02-05 | 7.5 | CVE-2024-24262
jetbrains — teamcity | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | 2024-02-06 | 9.8 | CVE-2024-23917
jfinalcms_project — jfinalcms | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | 2024-02-02 | 9.8 | CVE-2024-24029
jishenghua — jsherp | jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP’s protection mechanism. | 2024-02-07 | 9.8 | CVE-2024-24001
jishenghua — jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP’s protection mechanism in `safeSqlParse` method for sql injection. | 2024-02-07 | 9.8 | CVE-2024-24002
jishenghua — jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP’s protection mechanism in `safeSqlParse` method for sql injection. | 2024-02-08 | 9.8 | CVE-2024-24003
jishenghua — jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP’s protection mechanism in `safeSqlParse` method for sql injection. | 2024-02-07 | 9.8 | CVE-2024-24004
jsish — jsish | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | 2024-02-07 | 9.8 | CVE-2024-24186
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | 2024-02-07 | 9.8 | CVE-2024-24188
jsish — jsish | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | 2024-02-07 | 9.8 | CVE-2024-24189
kddi — home_spot_cube_2_firmware | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. | 2024-02-02 | 9.8 | CVE-2024-23978
kddi — home_spot_cube_2_firmware | Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | 2024-02-02 | 7.5 | CVE-2024-21780
kihron — serverrpexposer | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | 2024-02-02 | 9.8 | CVE-2024-22779
ledgersmb — ledgersmb | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin’s consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | 2024-02-02 | 7.5 | CVE-2024-23831
libexpat_project — libexpat | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 2024-02-04 | 7.5 | CVE-2023-52425
libgit2 — libgit2 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. | 2024-02-06 | 8.6 | CVE-2024-24577
libgit2 — libgit2 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2. | 2024-02-06 | 7.5 | CVE-2024-24575
libuv — libuv | libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-07 | 7.3 | CVE-2024-24806
liferay — portal/dxp | Stored cross-site scripting (XSS) vulnerability in the Portal Search module’s Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app’s search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application. | 2024-02-07 | 9.6 | CVE-2024-25145
liveconfig — liveconfig | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | 2024-02-02 | 7.5 | CVE-2024-22851
magic_hills_pty_ltd — wonder_slider_lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9. | 2024-02-08 | 7.1 | CVE-2024-24877
mailcow — mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`. | 2024-02-02 | 7.3 | CVE-2024-24760
mate_desktop — engrampa | Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | 2024-02-05 | 8.2 | CVE-2023-52138
mediatek — nr15 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). | 2024-02-05 | 7.5 | CVE-2024-20003
mediatek — nr15 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). | 2024-02-05 | 7.5 | CVE-2024-20004
meshcentral — meshcentral | Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 2024-02-02 | 7.5 | CVE-2023-51838
mia_technology_inc. — mia-med | Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6517
mia_technology_inc. — mia-med | Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6518
mia_technology_inc. — mia-med | Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6519
mia_technology_inc — mia-med | Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 8.8 | CVE-2023-6515
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-02-02 | 8.3 | CVE-2024-21399
miro — miro | Miro Desktop 0.8.18 on macOS allows Electron code injection. | 2024-02-02 | 9.8 | CVE-2024-23746
mrcms — mrcms | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | 2024-02-02 | 7.5 | CVE-2024-24161
nationalkeep — cybermath | Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 9.8 | CVE-2023-6675
nationalkeep — cybermath | Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 8.8 | CVE-2023-6676
oduyo — financial_technology_online_collection | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 2024-02-09 | 9.8 | CVE-2023-6677
open_formulieren — open_forms | Open Forms allows users to create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim’s account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was successfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking. | 2024-02-07 | 7.7 | CVE-2024-24771
openharmony — openharmony | OpenHarmony v3.2.4 and prior versions allow an adjacent attacker to achieve arbitrary code execution through an out-of-bounds write. | 2024-02-02 | 8.8 | CVE-2023-45734
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow an adjacent attacker to achieve arbitrary code execution in any apps through a use after free. | 2024-02-02 | 8.8 | CVE-2024-21860
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through an integer overflow. | 2024-02-02 | 7.8 | CVE-2024-21845
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through an integer overflow. | 2024-02-02 | 7.8 | CVE-2024-21851
openobserve — openobserve | OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the “/api/{org_id}/users” endpoint. This vulnerability allows any authenticated regular user (‘member’) to add new users with elevated privileges, including the ‘root’ role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application’s role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-08 | 9.9 | CVE-2024-24830
openobserve — openobserve | OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the “/api/{org_id}/users/{email_id}” endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with “Admin” and “Root” roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including “Admins” and “Root” users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by “Admins” or “Root” users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. | 2024-02-08 | 9.1 | CVE-2024-25106
panterasoft — hdd_health | Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-1201
ping_identity — pingfederate | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. | 2024-02-06 | 8.8 | CVE-2023-40545
postgresql — postgresql | Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker’s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker’s materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability. | 2024-02-08 | 8 | CVE-2024-0985
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
pt_woo_plugins_(by_webdados) — portugal_ctt_tracking_for_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1. | 2024-02-08 | 7.1 | CVE-2024-24878
qibosoft — qibocms_x1 | A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-05 | 7.3 | CVE-2024-1225
qnap — photo_station | An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later. | 2024-02-02 | 8.8 | CVE-2023-47562
qnap — qsync_central | An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 (2024/01/04) and later; Qsync Central 4.3.0.11 (2024/01/11) and later. | 2024-02-02 | 8.1 | CVE-2023-47564
qnap — qts | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 9.8 | CVE-2023-39303
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 9.8 | CVE-2023-45025
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 8.8 | CVE-2023-39297
qnap — qts | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 8.8 | CVE-2023-47568
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-39302
qnap — qts | A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41273
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41275
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41276
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41277
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41278
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41279
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41280
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41281
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41282
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41283
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-41292
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-45035
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-45036
qnap — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-45037
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-47566
qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 7.2 | CVE-2023-47567
qolsys_inc — iq_panel_4 | Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 2024-02-08 | 7.3 | CVE-2024-0242
qualcomm — 315_5g_iot_modem_firmware | Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. | 2024-02-06 | 7.5 | CVE-2023-33049
qualcomm — 315_5g_iot_modem_firmware | Transient DOS in Multi-Mode Call Processor while processing UE policy container. | 2024-02-06 | 7.5 | CVE-2023-33057
qualcomm — 315_5g_iot_modem_firmware | Memory corruption in Core while processing control functions. | 2024-02-06 | 7.8 | CVE-2023-33072
qualcomm — 315_5g_iot_modem_firmware | Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 2024-02-06 | 7.8 | CVE-2023-43513
qualcomm — 315_5g_iot_modem_firmware | Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 2024-02-06 | 7.5 | CVE-2023-43533
qualcomm — 315_5g_iot_modem_firmware | Transient DOS while parse fils IE with length equal to 1. | 2024-02-06 | 7.5 | CVE-2023-43536
qualcomm — 9206_lte_modem_firmware | Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. | 2024-02-06 | 7.8 | CVE-2023-33067
qualcomm — 9206_lte_modem_firmware | Memory corruption in Audio while processing IIR config data from AFE calibration block. | 2024-02-06 | 7.8 | CVE-2023-33068
qualcomm — 9206_lte_modem_firmware | Memory corruption in Audio while processing the calibration data returned from ACDB loader. | 2024-02-06 | 7.8 | CVE-2023-33069
qualcomm — aqt1000_firmware | Memory corruption in video while parsing invalid mp2 clip. | 2024-02-06 | 9.8 | CVE-2023-43518
qualcomm — aqt1000_firmware | Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | 2024-02-06 | 9.8 | CVE-2023-43519
qualcomm — aqt1000_firmware | Information disclosure in Audio while accessing AVCS services from ADSP payload. | 2024-02-06 | 7.1 | CVE-2023-33065
qualcomm — aqt1000_firmware | Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | 2024-02-06 | 7.8 | CVE-2023-33076
qualcomm — aqt1000_firmware | Memory corruption in HLOS while converting from authorization token to HIDL vector. | 2024-02-06 | 7.8 | CVE-2023-33077
qualcomm — aqt1000_firmware | Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 2024-02-06 | 7.5 | CVE-2023-43522
qualcomm — ar8035_firmware | Information disclosure in Modem while processing SIB5. | 2024-02-06 | 9.1 | CVE-2023-33058
qualcomm — ar8035_firmware | Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. | 2024-02-06 | 9.8 | CVE-2023-43520
qualcomm — ar8035_firmware | Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. | 2024-02-06 | 9.8 | CVE-2023-43534
qualcomm — ar8035_firmware | Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | 2024-02-06 | 7 | CVE-2023-33046
qualcomm — ar8035_firmware | Transient DOS while processing 11AZ RTT management action frame received through OTA. | 2024-02-06 | 7.5 | CVE-2023-43523
qualcomm — fastconnect_6700_firmware | Memory corruption while reading ACPI config through the user mode app. | 2024-02-06 | 7.8 | CVE-2023-43532
qualcomm — fastconnect_6700_firmware | Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger. | 2024-02-06 | 7.8 | CVE-2023-43535
qualcomm — fastconnect_6900_firmware | Memory corruption when malformed message payload is received from firmware. | 2024-02-06 | 7.8 | CVE-2023-43516
qualcomm — qam8255p_firmware | Memory corruption in Automotive Multimedia due to improper access control in HAB. | 2024-02-06 | 7.8 | CVE-2023-43517
rapidscada — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | 2024-02-02 | 9.8 | CVE-2024-21764
rapidscada — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-22016
remyandrade — testimonial_page_manager | A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695. | 2024-02-02 | 9.8 | CVE-2024-1197
samsung — magician_pc_software | Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | 2024-02-07 | 7.3 | CVE-2024-23769
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows a local attacker to execute arbitrary code. | 2024-02-06 | 8.4 | CVE-2024-20812
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows a local attacker to execute arbitrary code. | 2024-02-06 | 8.4 | CVE-2024-20813
samsung_mobile — samsung_mobile_devices | Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to the victim's mobile hotspot without user awareness. | 2024-02-06 | 8 | CVE-2024-20815
samsung_mobile — samsung_mobile_devices | Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to the victim's mobile hotspot without user awareness. | 2024-02-06 | 8 | CVE-2024-20816
silabs — gecko_software_development_kit | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution. | 2024-02-02 | 7.5 | CVE-2023-6387
silabs — gecko_software_development_kit | Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number. | 2024-02-05 | 7.5 | CVE-2023-6874
snow_software — inventory_agent | Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | 2024-02-08 | 7.8 | CVE-2024-1149
snow_software — inventory_agent | Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1. | 2024-02-08 | 7.8 | CVE-2024-1150
software_engineering_consultancy_machine_equipment_limited_company — hearing_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | 2024-02-09 | 8.8 | CVE-2023-6724
softwarefx — chart_fx | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | 2024-02-02 | 7.5 | CVE-2023-39611
solarwinds — solarwinds_platform | SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | 2024-02-06 | 8 | CVE-2023-50395
solarwinds — solarwinds_platform | SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | 2024-02-06 | 8 | CVE-2023-35188
tiangolo — fastapi | FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can’t handle any more requests. It’s a ReDoS (Regular expression Denial of Service); it only applies to those reading form data using `python-multipart`. This vulnerability has been patched in version 0.109.1. | 2024-02-05 | 7.5 | CVE-2024-24762
tp-link — er7206_firmware | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | 2024-02-06 | 7.2 | CVE-2023-36498
tp-link — er7206_firmware | A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-42664
tp-link — er7206_firmware | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-43482
tp-link — er7206_firmware | A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-46683
tp-link — er7206_firmware | A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47167
tp-link — er7206_firmware | A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47209
tp-link — er7206_firmware | A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47617
tp-link — er7206_firmware | A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47618
vinchin — vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 2024-02-02 | 9.8 | CVE-2024-22901
vinchin — vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 2024-02-02 | 9.8 | CVE-2024-22902
vinchin — vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | 2024-02-02 | 8.8 | CVE-2024-22899
vinchin — vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | 2024-02-02 | 8.8 | CVE-2024-22900
vinchin — vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | 2024-02-02 | 8.8 | CVE-2024-22903
vmware — aria_operations_for_networks | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | 2024-02-06 | 7.8 | CVE-2024-22237
vmware — aria_operations_for_networks | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | 2024-02-06 | 7.8 | CVE-2024-22239
vyper — vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn’t throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2’s complement representation is used. Because the array was declared very large, the bounds checking will pass. Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won’t be declared extremely large). However, all these scenarios are highly unlikely. Most likely behavior is a revert on the bounds check. | 2024-02-07 | 9.8 | CVE-2024-24563
westermo — lynx | The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. | 2024-02-06 | 8 | CVE-2023-38579
westermo — lynx | A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | 2024-02-06 | 8 | CVE-2023-45735
wixtoolset — issues | WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4. | 2024-02-07 | 8.2 | CVE-2024-24810
wordpress — wordpress | The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorization and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file from being accessed on Web servers such as Apache. | 2024-02-05 | 9.8 | CVE-2021-4436
wordpress — wordpress | The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-02-05 | 9.8 | CVE-2023-6933
wordpress — wordpress | The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | 2024-02-05 | 9.8 | CVE-2023-6989
wordpress — wordpress | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default, this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors. | 2024-02-05 | 9.1 | CVE-2024-0221
wordpress — wordpress | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export. | 2024-02-02 | 9.8 | CVE-2024-0685
wordpress — wordpress | The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the ‘coinslist’ parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-05 | 9.8 | CVE-2024-0709
wordpress — wordpress | The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the ‘calendar_request_params[dates_ddmmyy_csv]’ parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-08 | 9.8 | CVE-2024-1207
wordpress — wordpress | The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. | 2024-02-05 | 8.8 | CVE-2023-6700
wordpress — wordpress | The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. | 2024-02-05 | 8.8 | CVE-2023-6846
wordpress — wordpress | The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin’s vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code. | 2024-02-05 | 8.8 | CVE-2023-6996
wordpress — wordpress | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wppb_two_factor_authentication_settings_update’ function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | 2024-02-05 | 8.2 | CVE-2024-0324
wordpress — wordpress | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the ‘q’ parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-10 | 8.8 | CVE-2024-0594
wordpress — wordpress | The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access. | 2024-02-05 | 8.1 | CVE-2024-0761
wordpress — wordpress | The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. | 2024-02-05 | 8.8 | CVE-2024-0869
wordpress — wordpress | The Website Builder by SeedProd – Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23. | 2024-02-05 | 8.2 | CVE-2024-1072
wordpress — wordpress | The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the ‘button’ attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-07 | 8.8 | CVE-2024-1118
wordpress — wordpress | The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the ‘import_styles’ function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-02-05 | 7.2 | CVE-2023-6635
wordpress — wordpress | The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘importZipFile’ function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role) to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-02-05 | 7.2 | CVE-2023-6925
wordpress — wordpress | The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the ‘reset_form’ function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 7.1 | CVE-2024-0428
wordpress — wordpress | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | 2024-02-09 | 7.5 | CVE-2024-0842
wordpress — wordpress | The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with “Form.php” on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-02-02 | 7.2 | CVE-2024-0844
wordpress — wordpress | The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticated attackers to access protected content. | 2024-02-03 | 7.5 | CVE-2024-0909
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2. | 2024-02-08 | 7.1 | CVE-2024-24881
xiandafu — beetl | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | 2024-02-02 | 9.8 | CVE-2024-22533
xorg — xorg-server | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | 2024-02-09 | 7.8 | CVE-2024-0229
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list | 2024-02-06 | 9.8 | CVE-2024-24013
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list | 2024-02-08 | 9.8 | CVE-2024-24014
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /sys/user/exit | 2024-02-06 | 9.8 | CVE-2024-24015
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list | 2024-02-08 | 9.8 | CVE-2024-24017
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list | 2024-02-08 | 9.8 | CVE-2024-24018
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list | 2024-02-07 | 9.8 | CVE-2024-24019
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list. | 2024-02-08 | 9.8 | CVE-2024-24021
xxyopen — novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list. | 2024-02-08 | 9.8 | CVE-2024-24023
xxyopen — novel-plus | An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24024
xxyopen — novel-plus | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24025
xxyopen — novel-plus | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24026
yannick_lefebvre — link_library | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13. | 2024-02-08 | 7.1 | CVE-2024-24879
yarn — yarn | An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways. | 2024-02-04 | 7.7 | CVE-2021-4435
zohocorp — manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | 2024-02-02 | 9.8 | CVE-2023-48792
zohocorp — manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 2024-02-02 | 9.8 | CVE-2023-48793
zohocorp — manageengine_adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | 2024-02-02 | 8.8 | CVE-2024-0253 0fc0942c-577d-436f-ae8e-945763c79b02
zohocorp — manageengine_adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | 2024-02-02 | 8.8 | CVE-2024-0269 0fc0942c-577d-436f-ae8e-945763c79b02
zopefoundation — products_sqlalchemyda | SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem. | 2024-02-07 | 9.8 | CVE-2024-24811


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
1panel-dev — 1panel | 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. | 2024-02-05 | 6.5 | CVE-2024-24768
acowebs — product_labels_for_woocommerce_(sale_badges) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS. This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3. | 2024-02-08 | 5.9 | CVE-2024-24886
allegro_ai — clearml | Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | 2024-02-05 | 6 | CVE-2024-24595 6f8de1f0-f67e-45a6-b68f-98777fdb759c
ansible — ansible | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. | 2024-02-06 | 5 | CVE-2024-0690
antisamy_project — antisamy | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. Patched in AntiSamy 1.7.5 and later. | 2024-02-02 | 6.1 | CVE-2024-23635
apache_software_foundation — ozone | Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | 2024-02-07 | 5.3 | CVE-2023-39196
apollo13themes — apollo13_framework_extensions | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2. | 2024-02-08 | 6.5 | CVE-2024-24880
audrasjb — gdpr_data_request_form | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6. | 2024-02-08 | 6.5 | CVE-2024-24836
axis_communications_ab — axis_os | Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-02-05 | 6.3 | CVE-2023-5677
axis_communications_ab — axis_os | Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-02-05 | 5.4 | CVE-2023-5800
beijing_baichuo — smart_s20_management_platform | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 4.7 | CVE-2024-1254
beijing_baichuo — smart_s40_management_platform | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 4.7 | CVE-2024-1253
blockmason — credit-protocol | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-02-04 | 4.3 | CVE-2018-25098
blurams — lumi_security_camera_a31c_firmware | An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attacker to execute arbitrary code. | 2024-02-02 | 6.8 | CVE-2023-51820
br-automation — automation_runtime | A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. | 2024-02-05 | 6.1 | CVE-2023-6028
ckeditor — ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts. | 2024-02-07 | 6.1 | CVE-2024-24815
ckeditor — ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts. | 2024-02-07 | 6.1 | CVE-2024-24816
clicktotweet.com — click_to_tweet | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-02-10 | 6.5 | CVE-2024-23514
codeastro — employee_task_management_system | A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. | 2024-02-03 | 5.4 | CVE-2024-1199
codeastro — restaurant_pos_system | A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011. | 2024-02-07 | 6.3 | CVE-2024-1268
creative_themes — blocksy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19. | 2024-02-08 | 6.5 | CVE-2024-24871
cryptlib — cryptlib | A security vulnerability has been identified in the cryptlib cryptographic library. When cryptlib is compiled with support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it is vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using the server’s certificate. | 2024-02-05 | 5.9 | CVE-2024-0202
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-02-02 | 6.1 | CVE-2024-23895
dan_dulaney — dan’s_embedder_for_google_calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dan Dulaney Dan’s Embedder for Google Calendar allows Stored XSS. This issue affects Dan’s Embedder for Google Calendar: from n/a through 1.2. | 2024-02-05 | 6.5 | CVE-2023-51504
dell — appsync | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | 2024-02-08 | 6.2 | CVE-2024-22464
dell — cpg_bios | Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | 2024-02-06 | 6.7 | CVE-2023-28063
dell — dell_bsafe_ssl-j | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 2024-02-10 | 4.4 | CVE-2023-28077
dell — dell_command_monitor | Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | 2024-02-06 | 4.7 | CVE-2023-28049
dell — dell_display_manager | Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | 2024-02-06 | 6.6 | CVE-2023-32474
dell — dell_encryption | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain a privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | 2024-02-06 | 6.7 | CVE-2023-32479
dell — dup_framework | DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service. | 2024-02-06 | 6.3 | CVE-2023-32454
dev.dans-art — add_customer_for_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dan’s Art Add Customer for WooCommerce allows Stored XSS. This issue affects Add Customer for WooCommerce: from n/a through 1.7. | 2024-02-05 | 4.8 | CVE-2024-24841
elastic — apm_server | An issue was discovered whereby APM Server could log, at ERROR level, a response from Elasticsearch indicating that indexing the document failed, and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. | 2024-02-07 | 5.7 | CVE-2024-23448
elastic — elastic_network_drive_connector | An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive, it is visible in search applications to the user. | 2024-02-07 | 5.3 | CVE-2024-23447
elastic — kibana | An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index. | 2024-02-07 | 6.5 | CVE-2024-23446
emerson — rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 2024-02-09 | 6.9 | CVE-2023-43609
emerson — rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 2024-02-09 | 6.9 | CVE-2023-49716
enalean — tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition. | 2024-02-06 | 5.3 | CVE-2024-23344
envoyproxy — envoyEnvoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-094.3CVE-2024-23323
fivestarplugins — five_star_restaurant_menu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS. This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5. | 2024-02-05 | 5.4 | CVE-2024-24838
forum_one — wp-cfm | Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8. | 2024-02-07 | 5.4 | CVE-2024-24706
frappe — frappe | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available. | 2024-02-07 | 5.4 | CVE-2024-24812
galleon — eap_eap-xp_servers | An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. | 2024-02-06 | 6.8 | CVE-2023-4503
getsentry — sentry | Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 4.3 | CVE-2024-24829
gitlab — gitlab | An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches. | 2024-02-08 | 6.5 | CVE-2023-6564
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using maliciously crafted content in the CODEOWNERS file. | 2024-02-07 | 6.5 | CVE-2023-6736
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. | 2024-02-07 | 6.7 | CVE-2023-6840
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay` | 2024-02-07 | 6.5 | CVE-2024-1066
globalscape — cuteftp | A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1190
gnu — coreutils | A flaw was found in the GNU coreutils “split” program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. | 2024-02-06 | 5.5 | CVE-2024-0684
google — android | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. | 2024-02-05 | 6.7 | CVE-2024-20001
google — android | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | 2024-02-05 | 6.7 | CVE-2024-20002
google — android | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560. | 2024-02-05 | 6.7 | CVE-2024-20010
google — android | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | 2024-02-05 | 6.7 | CVE-2024-20012
google — android | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | 2024-02-05 | 6.7 | CVE-2024-20013
google — android | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07835901; Issue ID: ALPS07835901. | 2024-02-05 | 4.4 | CVE-2024-20016
graylog — graylog | Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else’s browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limit the attack vector. Unpatched, this vulnerability exists but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable. | 2024-02-07 | 5.7 | CVE-2024-24823
hcl — bigfix | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to exploit an application parameter during execution of the Save Report. | 2024-02-03 | 6.5 | CVE-2023-37528
hcl — devops_deploy | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | 2024-02-03 | 6.2 | CVE-2024-23550
hcl_software — hcl_sametime | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | 2024-02-09 | 5.9 | CVE-2023-50349
hcl_software — hcl_sametime | Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | 2024-02-10 | 4 | CVE-2023-45696
hcl_software — hcl_sametime | Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | 2024-02-10 | 4.8 | CVE-2023-45698
hcltech — bigfix_platform | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | 2024-02-02 | 6.1 | CVE-2023-37527
hcltech — bigfix_platform | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | 2024-02-02 | 5.4 | CVE-2024-23553
hid_global — hid_iclass_se_reader_configuration_cards | Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. | 2024-02-07 | 5.3 | CVE-2024-23806
hid_global — iclass_se_cp1000_encoder | Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | 2024-02-06 | 5.9 | CVE-2024-22388
howard_ehrenberg — custom_post_carousels_with_owl | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. | 2024-02-10 | 6.5 | CVE-2023-51493
ibm — aspera_faspex | IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | 2024-02-02 | 5.4 | CVE-2022-40744
ibm — business_automation_workflow | IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. | 2024-02-04 | 5.4 | CVE-2023-50947
ibm — engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization – Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | 2024-02-09 | 6.3 | CVE-2023-45187
ibm — engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | 2024-02-09 | 5.1 | CVE-2023-45190
ibm — i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user’s session. The hostile server could capture the NTLM hash information to obtain the user’s credentials. IBM X-Force ID: 279091. | 2024-02-09 | 5.1 | CVE-2024-22318
ibm — integration_bus_for_z/os | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | 2024-02-09 | 6.5 | CVE-2024-22332
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | 2024-02-02 | 6.1 | CVE-2023-50933
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. | 2024-02-02 | 6.5 | CVE-2023-50935
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. | 2024-02-02 | 5.3 | CVE-2023-50327
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | 2024-02-02 | 5.3 | CVE-2023-50328
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. | 2024-02-02 | 5.3 | CVE-2023-50934
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131. | 2024-02-02 | 5.4 | CVE-2023-50941
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the “HTTP Strict Transport Security” (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | 2024-02-02 | 5.9 | CVE-2023-50962
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. | 2024-02-02 | 4.3 | CVE-2023-50938
ibm — powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695. | 2024-02-06 | 5.3 | CVE-2023-46183
ibm — security_access_manager_container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | 2024-02-07 | 5.5 | CVE-2023-31002
ibm — security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. | 2024-02-03 | 5.5 | CVE-2023-32329
ibm — semeru_runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 – 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | 2024-02-10 | 5.9 | CVE-2024-22361
ibm — soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | 2024-02-02 | 6.5 | CVE-2023-38019
ibm — soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | 2024-02-02 | 4.3 | CVE-2023-38020
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | 2024-02-09 | 6.5 | CVE-2023-32341
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | 2024-02-09 | 4.3 | CVE-2023-42016
ibm — storage_ceph | IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | 2024-02-02 | 6.5 | CVE-2023-46159
ibm — storage_defender-resiliency_service | IBM Storage Defender – Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | 2024-02-10 | 4.4 | CVE-2024-22312
ibm — storage_defender_resiliency_service | IBM Storage Defender – Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | 2024-02-10 | 6.2 | CVE-2024-22313
ibm — storage_virtualize | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. | 2024-02-07 | 5.9 | CVE-2023-47700
ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. | 2024-02-02 | 6.1 | CVE-2023-47144
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) – IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. | 2024-02-06 | 6.2 | CVE-2024-22331
ibm — powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | 2024-02-04 | 5.3 | CVE-2023-33851
icinga — icingaweb2-module-incubator | icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client’s submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-24819
if_so_plugin — if-so_dynamic_content_personalization | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. | 2024-02-10 | 6.5 | CVE-2023-51492
indent — indent_2.2.13 | A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. | 2024-02-06 | 5.5 | CVE-2024-0911
itop — vpn | A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1195
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | 2024-02-06 | 5.3 | CVE-2024-24941
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | 2024-02-06 | 4.3 | CVE-2024-24940
jetbrains — rider | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | 2024-02-06 | 5.3 | CVE-2024-24939
jetbrains — teamcity | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed | 2024-02-06 | 5.3 | CVE-2024-24936
jetbrains — teamcity | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible | 2024-02-06 | 5.4 | CVE-2024-24937
jetbrains — teamcity | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | 2024-02-06 | 5.3 | CVE-2024-24938
jetbrains — teamcity | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | 2024-02-06 | 5.3 | CVE-2024-24942
jetbrains — toolbox | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image | 2024-02-06 | 5.5 | CVE-2024-24943
jgadbois — calculatorpro_calculators | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS. This issue affects CalculatorPro Calculators: from n/a through 1.1.7. | 2024-02-05 | 6.1 | CVE-2024-24847
jspxcms — jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability. | 2024-02-03 | 5.3 | CVE-2024-1200
juanpao — jpshop | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1259
juanpao — jpshop | A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. | 2024-02-06 | 6.3 | CVE-2024-1260
juanpao — jpshop | A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. | 2024-02-06 | 6.3 | CVE-2024-1261
juanpao — jpshop | A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1262
juanpao — jpshop | A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1263
juanpao — jpshop | A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003. | 2024-02-07 | 6.3 | CVE-2024-1264
leanote — leanote | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | 2024-02-07 | 5.5 | CVE-2024-0849
leap13 — premium_addons_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16. | 2024-02-10 | 6.5 | CVE-2024-24831
libexpat_project — libexpat | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 2024-02-04 | 5.5 | CVE-2023-52426
liferay — portal/dxp | The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images. | 2024-02-07 | 6.5 | CVE-2024-25143
liferay — portal/dxp | Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | 2024-02-08 | 5.4 | CVE-2023-47798
liferay — portal/dxp | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used. | 2024-02-08 | 5.3 | CVE-2024-25146
liferay — portal/dxp | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | 2024-02-08 | 5.4 | CVE-2024-25148
liferay — portal/dxp | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame. | 2024-02-08 | 4.1 | CVE-2024-25144
linecorp — central_dogma | Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | 2024-02-02 | 6.1 | CVE-2024-1143
linksys — wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-09 | 4.3 | CVE-2024-1404
linksys — wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1405
[email protected]
[email protected]
[email protected]
linksys — wrt54glA vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-104.3CVE-2024-1406
[email protected]
[email protected]
[email protected]
linux — kernel | A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. | 2024-02-04 | 6.5 | CVE-2023-6240
linux — kernel | A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6356
linux — kernel | A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6535
linux — kernel | A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6536
linux — kernel | A race condition was found in the Linux kernel’s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | 2024-02-05 | 6.8 | CVE-2024-24857
linux — kernel | A race condition was found in the Linux kernel’s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue. | 2024-02-05 | 6.3 | CVE-2024-24861
linux — kernel | A use-after-free flaw was found in the Linux kernel’s Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. | 2024-02-08 | 5.1 | CVE-2024-1312
linux — kernel | A race condition was found in the Linux kernel’s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in L2CAP connection or broadcast abnormality issue, possibly leading to denial of service. | 2024-02-05 | 5.3 | CVE-2024-24858
linux — kernel | A race condition was found in the Linux kernel’s drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-22386
linux — kernel | A race condition was found in the Linux kernel’s sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-23196
linux — kernel | A race condition was found in the Linux kernel’s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-24855
linux — kernel | A race condition was found in the Linux kernel’s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading to denial of service. | 2024-02-05 | 4.8 | CVE-2024-24859
linux — kernel | A race condition was found in the Linux kernel’s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.6 | CVE-2024-24860
linux — kernel | A race condition was found in the Linux kernel’s media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-24864
lê_văn_toản — woocommerce_vietnam_checkout | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS. This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7. | 2024-02-08 | 5.9 | CVE-2024-24885
m2crypto — m2crypto | A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | 2024-02-05 | 5.9 | CVE-2023-50781
mark_kinchin — beds24_online_booking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23. | 2024-02-10 | 5.9 | CVE-2024-24717
mattermost — mattermost | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. | 2024-02-09 | 4.3 | CVE-2024-1402
michael_dempfle — advanced_iframe | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10. | 2024-02-05 | 6.5 | CVE-2024-24870
micronaut-projects — micronaut-core | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | 2024-02-09 | 5.1 | CVE-2024-23639
mightythemes — mighty_addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS. This issue affects Mighty Addons for Elementor: from n/a through 1.9.3. | 2024-02-05 | 6.1 | CVE-2024-24846
miraheze — managewiki | ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability. | 2024-02-09 | 6.5 | CVE-2024-25109
miraheze — wikidiscover | WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability. | 2024-02-08 | 4.9 | CVE-2024-25107
mjssoftware — sign_ups | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS. This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4. | 2024-02-05 | 6.1 | CVE-2024-24848
mozilla — firefox | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. | 2024-02-05 | 6.1 | CVE-2024-0953
mpedraza2020 — intranet_del_monterroso | A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability. | 2024-02-04 | 5.5 | CVE-2019-25159
mrcms — mrcms | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. | 2024-02-02 | 5.4 | CVE-2024-24160
munsoft — easy_archive_recovery | A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1186
munsoft — easy_outlook_express_recovery | A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1187
nagios — nagios_xi | A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | 2024-02-02 | 5.4 | CVE-2023-51072
nationalkeep — cybermath | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 6.1 | CVE-2023-6673
nationalkeep — cybermath | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 5.4 | CVE-2023-6672
navicat — navicat | A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Connection Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1193
netapp — storagegrid_(formerly_storagegrid_webscale) | StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | 2024-02-05 | 6.5 | CVE-2023-27318
noahkagan — scroll_triggered_box | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3. | 2024-02-05 | 5.4 | CVE-2024-24865
nonebot — nonebot2 | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. | 2024-02-09 | 5.7 | CVE-2024-21624
nsasoft — network_bandwidth_monitor | A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1185
nsasoft — network_sleuth | A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1184
openbi — openbi | A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. | 2024-02-03 | 6.3 | CVE-2024-1198
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input. | 2024-02-02 | 6.2 | CVE-2024-21863
openharmony — openharmony | OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. | 2024-02-02 | 5.5 | CVE-2023-43756
openharmony — openharmony | OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. | 2024-02-02 | 5.5 | CVE-2023-49118
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input. | 2024-02-02 | 5.5 | CVE-2024-0285
phpems — phpems | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. | 2024-02-09 | 6.3 | CVE-2024-1353
pimcore — admin_ui_classic_bundle | Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. | 2024-02-07 | 6.5 | CVE-2024-24822
plotly — dash | Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that’s visible to another user who opens that view – not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. | 2024-02-02 | 5.4 | CVE-2024-21485
pyload — pyload | pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | 2024-02-06 | 4.7 | CVE-2024-24808
python — cryptography | A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | 2024-02-05 | 5.9 | CVE-2023-50782
qnap — photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later. | 2024-02-02 | 5.4 | CVE-2023-47561
qnap — qts | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later; QTS 4.5.4.2627 build 20231225 and later. | 2024-02-02 | 6.5 | CVE-2023-32967
qnap — qts | An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later. | 2024-02-02 | 6.7 | CVE-2023-50359
qnap — qts | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 4.9 | CVE-2023-41274
qnap — qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 4.9 | CVE-2023-45026
qnap — qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 4.9 | CVE-2023-45027
qnap — qts | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | 2024-02-02 | 4.9 | CVE-2023-45028
qualcomm — aqt1000_firmware | Transient DOS in Audio when invoking callback function of ASM driver. | 2024-02-06 | 5.5 | CVE-2023-33064
qualcomm — ar8035_firmware | Transient DOS in Core when DDR memory check is called while DDR is not initialized. | 2024-02-06 | 5.5 | CVE-2023-33060
rapidscada — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | 2024-02-02 | 6.5 | CVE-2024-22096
rapidscada — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | 2024-02-02 | 5.4 | CVE-2024-21794
rapidscada — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | 2024-02-02 | 5.3 | CVE-2024-21866
rapidscada — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | 2024-02-02 | 5.5 | CVE-2024-21869
rdkcentral — rdk-b | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. | 2024-02-05 | 6.7 | CVE-2024-20006
realmag777 — active_products_tables_for_woocommerce_professional_products_tables_for_woocommerce_store | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. | 2024-02-10 | 6.5 | CVE-2023-51480
realmag777 — bear_bulk_editor_and_products_manager_professional_for_woocommerce_by_pluginus.net | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4. | 2024-02-08 | 5.9 | CVE-2024-24834
remyandrade — testimonial_page_manager | A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. | 2024-02-02 | 6.1 | CVE-2024-1196
rizonesoft — notepad3 | A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1188
samsung — galaxy_store | Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20822
samsung — galaxy_store | Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20823
samsung — galaxy_store | Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20824
samsung — galaxy_store | Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20825
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20817
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20818
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20819
samsung_mobile — samsung_mobile_devices | Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. | 2024-02-06 | 5.1 | CVE-2024-20811
samsung_mobile — samsung_mobile_devices | Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows an attacker to access unauthorized information. | 2024-02-06 | 4 | CVE-2024-20814
samsung_mobile — samsung_mobile_devices | Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read. | 2024-02-06 | 4.4 | CVE-2024-20820
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. | 2024-02-06 | 4.6 | CVE-2024-20827
samsung_mobile — uphelper | Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20826
sepidz — sepidzdigitalmenu | A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 5.3 | CVE-2024-1255
snow_software — snow_inventory_agent | Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version 7.0. | 2024-02-08 | 6 | CVE-2023-7169
solar-log — 2000_pm+_firmware | A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. | 2024-02-02 | 5.4 | CVE-2023-46344
spring_security — spring_securityThe spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.2024-02-054.1CVE-2023-34042
stimulsoft — dashboards | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | 2024-02-05 | 5.4 | CVE-2024-24397
suite_crm — suite_crm | Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | 2024-02-07 | 5 | CVE-2023-6388
tenable — nessus | A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. | 2024-02-07 | 6.5 | CVE-2024-0971
tenable — nessus | A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. | 2024-02-07 | 4.8 | CVE-2024-0955
thorsten — phpmyfaq | phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The ‘sharing FAQ’ functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application’s email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5. | 2024-02-05 | 6.5 | CVE-2024-22208
thorsten — phpmyfaq | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | 2024-02-05 | 6.5 | CVE-2024-24574
thorsten — phpmyfaq | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ’s user removal page allows an attacker to spoof another user’s detail, and in turn make a compelling phishing case for removing another user’s account. The front-end of this page doesn’t allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5. | 2024-02-05 | 5.7 | CVE-2024-22202
tongda — oa_2017 | A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 5.5 | CVE-2024-1251
tongda — oa_2017 | A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991. | 2024-02-06 | 5.5 | CVE-2024-1252
ujcms — jspxcms | A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996. | 2024-02-06 | 6.1 | CVE-2024-1257
ujcms — jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995. | 2024-02-06 | 4.3 | CVE-2024-1256
vercel — pkg | pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. | 2024-02-09 | 6.6 | CVE-2024-24828
vmware — aria_operations_for_networks | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | 2024-02-06 | 4.8 | CVE-2024-22238
vmware — aria_operations_for_networks | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | 2024-02-06 | 4.9 | CVE-2024-22240
vmware — aria_operations_for_networks | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | 2024-02-06 | 4.8 | CVE-2024-22241
websoudan — mw_wp_form | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6. | 2024-02-10 | 6.5 | CVE-2024-24804
westermo — lynx | A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 2024-02-06 | 6.6 | CVE-2023-45213
westermo — lynx | An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “forward.0.domain” parameter. | 2024-02-06 | 5.4 | CVE-2023-40143
westermo — lynx | An attacker with access to the network where the affected devices are located could perform malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | 2024-02-06 | 5.7 | CVE-2023-40544
westermo — lynx | An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “username” parameter in the SNMP configuration. | 2024-02-06 | 5.4 | CVE-2023-42765
westermo — lynx | An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “autorefresh” parameter. | 2024-02-06 | 5.4 | CVE-2023-45222
westermo — lynx | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “dns.0.server” parameter. | 2024-02-06 | 5.4 | CVE-2023-45227
western_digital — my_cloud_os_5 | Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. | 2024-02-05 | 5.5 | CVE-2023-22817
western_digital — my_cloud_os_5 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161. | 2024-02-05 | 4.9 | CVE-2023-22819
wolfssl — wolfssl | wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: `--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"` The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with `--enable-all`, is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server’s private key is not exposed. | 2024-02-09 | 5.9 | CVE-2023-6935
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. | 2024-02-10 | 6.5 | CVE-2023-51404
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2. | 2024-02-10 | 6.5 | CVE-2023-51415
wordpress — wordpress | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-08 | 6.4 | CVE-2023-5665
wordpress — wordpress | The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin’s shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2023-6526
wordpress — wordpress | The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2023-6982
wordpress — wordpress | The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. | 2024-02-05 | 6.5 | CVE-2023-6985
wordpress — wordpress | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6. | 2024-02-05 | 6.4 | CVE-2023-7029
wordpress — wordpress | The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0254
wordpress — wordpress | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-07 | 6.4 | CVE-2024-0256
wordpress — wordpress | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0448
wordpress — wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0508
wordpress — wordpress | The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-02-05 | 6.1 | CVE-2024-0509
wordpress — wordpress | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.5 | CVE-2024-0586
wordpress — wordpress | The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 6.1 | CVE-2024-0660
wordpress — wordpress | The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the ‘process_bulk_action’ function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-02-05 | 6.6 | CVE-2024-0668
wordpress — wordpress | The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘available-days-tf’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.5 | CVE-2024-0678
wordpress — wordpress | The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘add_image_from_url’ function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-02-05 | 6.6 | CVE-2024-0699
wordpress — wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0834
wordpress — wordpress | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the ‘data-eael-wrapper-link’ wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0954
wordpress — wordpress | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0961
wordpress — wordpress | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-02-07 | 6.1 | CVE-2024-1037
wordpress — wordpress | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin ‘reg-number-field’ shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-1046
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1. | 2024-02-10 | 6.5 | CVE-2024-23516
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10. | 2024-02-10 | 6.5 | CVE-2024-23517
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | 2024-02-10 | 6.5 | CVE-2024-24712
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. | 2024-02-10 | 6.5 | CVE-2024-24713
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0. | 2024-02-10 | 6.5 | CVE-2024-24801
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9. | 2024-02-10 | 6.5 | CVE-2024-24803
wordpress — wordpress | The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. | 2024-02-05 | 5.3 | CVE-2023-6557
wordpress — wordpress | The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6701
wordpress — wordpress | The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6807
wordpress — wordpress | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6808
wordpress — wordpress | This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the ‘place_id’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6884
wordpress — wordpress | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting ‘g-recaptcha-response’ from the ‘data’ array. | 2024-02-05 | 5.3 | CVE-2023-6963
wordpress — wordpress | The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the ‘ma_debu’ parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable. | 2024-02-05 | 5.3 | CVE-2023-7014
wordpress — wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wprm-recipe-text-share’ shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0255
wordpress — wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the ‘header_tag’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0382
wordpress — wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0384
wordpress — wordpress | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0585
wordpress — wordpress | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. | 2024-02-10 | 5.3 | CVE-2024-0596
wordpress — wordpress | The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.5 | CVE-2024-0659
[email protected]
[email protected]
wordpress — wordpress | The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import. | 2024-02-05 | 5.5 | CVE-2024-0691
wordpress — wordpress | The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the ‘Disabled registration’ Membership feature within the plugin’s General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator. | 2024-02-05 | 5.3 | CVE-2024-0701
wordpress — wordpress | The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request. | 2024-02-05 | 5.4 | CVE-2024-0790
wordpress — wordpress | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Link To’ url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0823
wordpress — wordpress | The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-03 | 5.4 | CVE-2024-0895
wordpress — wordpress | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied ‘location’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 5.4 | CVE-2024-0963
wordpress — wordpress | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s page restriction and view page content. | 2024-02-08 | 5.3 | CVE-2024-0965
wordpress — wordpress | The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s “Default Restriction” feature and view restricted post content. | 2024-02-05 | 5.3 | CVE-2024-0969
wordpress — wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | 2024-02-02 | 5.3 | CVE-2024-1047
wordpress — wordpress | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-07 | 5.4 | CVE-2024-1055
wordpress — wordpress | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filter_array’ parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 5.4 | CVE-2024-1073
wordpress — wordpress | The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | 2024-02-07 | 5.3 | CVE-2024-1079
wordpress — wordpress | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin’s tracking data and podcast information. | 2024-02-07 | 5.3 | CVE-2024-1109
wordpress — wordpress | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin’s settings. | 2024-02-07 | 5.3 | CVE-2024-1110
wordpress — wordpress | The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | 2024-02-05 | 5.3 | CVE-2024-1121
wordpress — wordpress | The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | 2024-02-09 | 5.3 | CVE-2024-1122
wordpress — wordpress | The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs. | 2024-02-05 | 5.3 | CVE-2024-1177
wordpress — wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. | 2024-02-05 | 5.3 | CVE-2024-1208
wordpress — wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. | 2024-02-05 | 5.3 | CVE-2024-1209
wordpress — wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. | 2024-02-05 | 5.3 | CVE-2024-1210
wordpress — wordpress | The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. | 2024-02-05 | 4.3 | CVE-2023-4637
wordpress — wordpress | The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin. | 2024-02-05 | 4.9 | CVE-2023-6953
wordpress — wordpress | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the ‘Recaptcha Site Key’ and ‘Recaptcha Secret Key’ settings. | 2024-02-05 | 4.3 | CVE-2023-6959
wordpress — wordpress | The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta. | 2024-02-05 | 4.3 | CVE-2023-6983
wordpress — wordpress | The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings. | 2024-02-05 | 4.3 | CVE-2024-0366
wordpress — wordpress | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_view’ function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. | 2024-02-05 | 4.3 | CVE-2024-0370
wordpress — wordpress | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘create_view’ function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | 2024-02-05 | 4.3 | CVE-2024-0371
wordpress — wordpress | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_form_fields’ function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | 2024-02-05 | 4.3 | CVE-2024-0372
wordpress — wordpress | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the ‘save_view’ function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0373
wordpress — wordpress | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the ‘create_view’ function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0374
wordpress — wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the ‘icon’ attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. | 2024-02-05 | 4.3 | CVE-2024-0380
wordpress — wordpress | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-08 | 4.3 | CVE-2024-0511
wordpress — wordpress | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | 2024-02-10 | 4.3 | CVE-2024-0595
wordpress — wordpress | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0597
wordpress — wordpress | The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0612
wordpress — wordpress | The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0630
wordpress — wordpress | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as ‘ilj_settings_field_links_per_page’ in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-09 | 4.4 | CVE-2024-0657
wordpress — wordpress | The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. | 2024-02-05 | 4.3 | CVE-2024-0791
wordpress — wordpress | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0796
wordpress — wordpress | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. | 2024-02-05 | 4.3 | CVE-2024-0797
wordpress — wordpress | The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values. | 2024-02-05 | 4.3 | CVE-2024-0835
wordpress — wordpress | The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0859
wordpress — wordpress | The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin’s timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image. | 2024-02-07 | 4.4 | CVE-2024-0977
wordpress — wordpress | The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | 2024-02-07 | 4.3 | CVE-2024-1078
wordpress — wordpress | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | 2024-02-05 | 4.3 | CVE-2024-1092
wordpress — wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-02 | 4.3 | CVE-2024-1162
wp_hosting — pay_with_vipps_and_mobilepay_for_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. | 2024-02-10 | 6.5 | CVE-2023-51485
wpsc-plugin — structured_content | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1. | 2024-02-05 | 5.4 | CVE-2024-24839
xunruicms — xunruicms | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | 2024-02-02 | 6.1 | CVE-2024-24388
zabbix — zabbix | The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | 2024-02-09 | 5.5 | CVE-2024-22119


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
armcode — alienip | A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1194
codeastro — restaurant_pos_system | A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability. | 2024-02-07 | 3.5 | CVE-2024-1267
codeastro — university_management_system | A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008. | 2024-02-07 | 2.4 | CVE-2024-1265
codeastro — university_management_system | A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability. | 2024-02-07 | 2.4 | CVE-2024-1266
concrete_cms — concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. | 2024-02-09 | 2.4 | CVE-2024-1245, ff5b8ace-8b95-4078-9743-eac1ca5451de
concrete_cms — concrete_cms | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | 2024-02-09 | 2 | CVE-2024-1246, ff5b8ace-8b95-4078-9743-eac1ca5451de
concrete_cms — concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. | 2024-02-09 | 2 | CVE-2024-1247, ff5b8ace-8b95-4078-9743-eac1ca5451de
grub2 — grub2 | A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. | 2024-02-06 | 3.3 | CVE-2024-1048
hcl_software — hcl_sametime | Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | 2024-02-09 | 3.9 | CVE-2023-45718
juanpao — jpshop | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability. | 2024-02-06 | 3.1 | CVE-2024-1258
mailcow — mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn’t respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. | 2024-02-02 | 2.7 | CVE-2024-23824
mattermost — mattermost | Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user’s Jira connection in Mattermost only by viewing the message. | 2024-02-09 | 3.5 | CVE-2024-23319
mattermost — mattermost | Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 2024-02-09 | 3.4 | CVE-2024-24774
mattermost — mattermost | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. | 2024-02-09 | 3.1 | CVE-2024-24776
planet-freo — planet-freo | A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716. | 2024-02-04 | 3.7 | CVE-2015-10129
sametime — sametime | Sametime is impacted by sensitive information passed in URL. | 2024-02-09 | 1.7 | CVE-2023-45716
samsung_mobile — samsung_internet | Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | 2024-02-06 | 2.4 | CVE-2024-20828
samsung_mobile — samsung_mobile_devices | Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information. | 2024-02-06 | 3.3 | CVE-2024-20810
sourcecodester — crud | A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability. | 2024-02-03 | 3.5 | CVE-2024-1215
sourcecodester — product_management_system | A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012. | 2024-02-07 | 2.4 | CVE-2024-1269
sulu — sulu | Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12. | 2024-02-05 | 2.7 | CVE-2024-24807
vyperlang — vyper | Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can’t be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn’t be possible to trigger when compiling the compiler-generated `IR`. This issue isn’t triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available. | 2024-02-05 | 3.7 | CVE-2024-24559
vyperlang — vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value’s length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned. | 2024-02-02 | 3.7 | CVE-2024-24560
wordpress — wordpress | The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-02-07 | 3.8 | CVE-2024-0628
wordpress — wordpress | The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden. | 2024-02-05 | 3.7 | CVE-2024-1075


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
akaunting — akaunting | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | 2024-02-08 | not yet calculated | CVE-2024-22836
android — binhdrm26_ super_reboot | The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | 2024-02-06 | not yet calculated | CVE-2023-47889
apache_software_foundation — brpc | Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle a request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that ‘chunk’ is contained in the TE field. In that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518 | 2024-02-08 | not yet calculated | CVE-2024-23452
apache_software_foundation — solr | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process’ Java system properties, /admin/info/properties, was only set up to hide system properties that had “password” contained in the name. A number of sensitive system properties, such as “basicauth” and “aws.secretKey”, do not contain “password”, thus their values were published via the “/admin/info/properties” endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the “config-read” permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the “config-read” permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, “-Dsolr.hiddenSysProps”. By default all known sensitive properties are hidden (including “-Dbasicauth”), as well as any property with a name containing “secret” or “password”. Users who cannot upgrade can also use the following Java system property to fix the issue: ‘-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*’ | 2024-02-09 | not yet calculated | CVE-2023-50291
apache_software_foundation — solr | Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the “trust” (authentication) of these configSets was not considered. External library loading is only available to configSets that are “trusted” (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their “trust” into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | 2024-02-09 | not yet calculated | CVE-2023-50292
apache_software_foundation — solr | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a “zkHost” parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever “zkHost” the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server’s address in “zkHost”. Streaming Expressions are exposed via the “/streaming” handler, with “read” permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. | 2024-02-09 | not yet calculated | CVE-2023-50298
apache_software_foundation — solr | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | 2024-02-09 | not yet calculated | CVE-2023-50386
aprktool — aprktool | Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | 2024-02-02 | not yet calculated | CVE-2024-24482
archibus — app_4.0.3 | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database. | 2024-02-02 | not yet calculated | CVE-2023-48645
arm_ltd — bifrost_gpu_kernel_driver | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn causes a use-after-free. This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0. | 2024-02-05 | not yet calculated | CVE-2023-5249
arm_ltd — bifrost_gpu_kernel_driver | Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system’s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0. | 2024-02-05 | not yet calculated | CVE-2023-5643
artifex — ghostscript | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | 2024-02-04 | not yet calculated | CVE-2020-36773
atmail — atmail | Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. | 2024-02-07 | not yet calculated | CVE-2024-24133
atos — unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request. | 2024-02-08 | not yet calculated | CVE-2023-40262
atos — unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp. | 2024-02-08 | not yet calculated | CVE-2023-40263
atos — unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface. | 2024-02-08 | not yet calculated | CVE-2023-40264
atos — unify_openscape_xpressions_webassistant | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | 2024-02-08 | not yet calculated | CVE-2023-40265
atos — unify_openscape_xpressions_webassistant | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | 2024-02-08 | not yet calculated | CVE-2023-40266
axigen — axigen | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | 2024-02-07 | not yet calculated | CVE-2023-40355
axigen — axigen | WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | 2024-02-08 | not yet calculated | CVE-2023-49101
axigen — webmail | Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | 2024-02-08 | not yet calculated | CVE-2023-48974
axiomatic_systems — bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | 2024-02-09 | not yet calculated | CVE-2024-25451
axiomatic_systems — bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | 2024-02-09 | not yet calculated | CVE-2024-25452
axiomatic_systems — bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | 2024-02-09 | not yet calculated | CVE-2024-25453
axiomatic_systems — bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | 2024-02-09 | not yet calculated | CVE-2024-25454
binance — trust_wallet | The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe and link them to specific wallet addresses in order to steal funds from those wallets. | 2024-02-08 | not yet calculated | CVE-2024-23660
binhdrm26 — super_reboot | An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent. | 2024-02-06 | not yet calculated | CVE-2023-47354
cellinx — nvt_web_server | An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | 2024-02-08 | not yet calculated | CVE-2024-24215
cotonti — contonti_cms | A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2024-02-08 | not yet calculated | CVE-2024-24115
curl — curl | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | 2024-02-03 | not yet calculated | CVE-2024-0853
2499f714-1537-4658-8207-48ae4bb9eae9
cybozu_inc — cybozu_kunai_for_android | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | 2024-02-06 | not yet calculated | CVE-2024-23304
d-link — dir-816A2 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | 2024-02-08 | not yet calculated | CVE-2024-24321
d-link — go-rt-ac750 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload. | 2024-02-06 | not yet calculated | CVE-2024-22852
d-link — go-rt-ac750 | D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | 2024-02-06 | not yet calculated | CVE-2024-22853
delete-tracker_php — daily_habit_tracker | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. | 2024-02-08 | not yet calculated | CVE-2024-24495
django — django | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. | 2024-02-06 | not yet calculated | CVE-2024-24680
dronecode — PX4 | PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes. | 2024-02-06 | not yet calculated | CVE-2024-24254
dronecode — PX4 | A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | 2024-02-06 | not yet calculated | CVE-2024-24255
dronetag — drone_scanner | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. | 2024-02-06 | not yet calculated | CVE-2024-22520
easyemail — easyemail | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. | 2024-02-09 | not yet calculated | CVE-2023-39683
easysoft — zentao | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | 2024-02-08 | not yet calculated | CVE-2024-24202
easysoft — zentao | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 2024-02-08 | not yet calculated | CVE-2024-24216
egerie — risk_manager | An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation. | 2024-02-08 | not yet calculated | CVE-2023-27001
enlightenment — imlib2 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25447
enlightenment — imlib2 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25448
espruino — espruino | Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | 2024-02-07 | not yet calculated | CVE-2024-25200
espruino — espruino | Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. | 2024-02-07 | not yet calculated | CVE-2024-25201
eypcnnapps — quickreboot | The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | 2024-02-05 | not yet calculated | CVE-2023-47355
forescout — secureconnector | Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | 2024-02-08 | not yet calculated | CVE-2024-22795
glitched_polygons — l8w8jwt | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25190
google — android | In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-07 | not yet calculated | CVE-2024-22012
google — chrome | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | 2024-02-08 | not yet calculated | CVE-2023-47131
google — chrome | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-07 | not yet calculated | CVE-2024-1283
google — chrome | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-07 | not yet calculated | CVE-2024-1284
gradio-app — gradio-app_gradio | A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | 2024-02-05 | not yet calculated | CVE-2024-0964
grav_cms — grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 2024-02-09 | not yet calculated | CVE-2023-31506
hardy_barth — cph2_echarge_ladestation | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature. | 2024-02-06 | not yet calculated | CVE-2023-46359
hardy_barth — cph2_echarge_ladestation | Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | 2024-02-06 | not yet calculated | CVE-2023-46360
hipresta — hipresta | SQL Injection vulnerability in HiPresta “Gift Wrapping Pro” (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. | 2024-02-07 | not yet calculated | CVE-2024-24303
huaxiaerp — jsherp | jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths. | 2024-02-06 | not yet calculated | CVE-2024-24000
hugin — hugin | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25442
hugin — hugin | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25443
hugin — hugin | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 2024-02-09 | not yet calculated | CVE-2024-25445
hugin — hugin | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25446
imlib2 — imlib2 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | 2024-02-09 | not yet calculated | CVE-2024-25450
imou — imou_go | An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files. | 2024-02-06 | not yet calculated | CVE-2023-47353
innovadeluxe — innovadeluxe | SQL injection vulnerability in InnovaDeluxe “Manufacturer or supplier alphabetical search” (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | 2024-02-09 | not yet calculated | CVE-2023-46350
intelbras — roteador_action_rf_1200 | Intelbras Roteador ACtion RF 1200 1.2.2 exposes the Password in Cookie resulting in Login Bypass. | 2024-02-06 | not yet calculated | CVE-2024-22773
ispyconnect.com — agent_dvr | An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | 2024-02-06 | not yet calculated | CVE-2024-22514
ispyconnect.com — agent_dvr | Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | 2024-02-06 | not yet calculated | CVE-2024-22515
it_edge_soft — cineam_seat_reservation_system | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the ‘id’ parameter at “/Cinema-Reservation/booking.php?id=1.” | 2024-02-09 | not yet calculated | CVE-2024-25307
it_edge_soft — hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the ‘sid’ parameter in Hotel/admin/show.php?sid=2. | 2024-02-09 | not yet calculated | CVE-2024-25314
it_edge_soft — hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the ‘rid’ parameter in Hotel/admin/roombook.php?rid=2. | 2024-02-09 | not yet calculated | CVE-2024-25315
it_edge_soft — hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the ‘eid’ parameter in Hotel/admin/usersettingdel.php?eid=2. | 2024-02-09 | not yet calculated | CVE-2024-25316
it_edge_soft — hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the ‘pid’ parameter in Hotel/admin/print.php?pid=2. | 2024-02-09 | not yet calculated | CVE-2024-25318
it_edge_soft — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘apass’ parameter at “School/index.php.” | 2024-02-09 | not yet calculated | CVE-2024-25304
it_edge_soft — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. | 2024-02-09 | not yet calculated | CVE-2024-25305
it_edge_soft — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘aname’ parameter at “School/index.php”. | 2024-02-09 | not yet calculated | CVE-2024-25306
it_edge_soft — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘name’ parameter at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25308
it_edge_soft — simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the ‘pass’ parameter at School/teacher_login.php.2024-02-09not yet calculatedCVE-2024-25309
[email protected]
it_edge_soft — simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the ‘id’ parameter at “School/delete.php?id=5.”2024-02-09not yet calculatedCVE-2024-25310
[email protected]
it_edge_soft — simple_school_management_systemCode-projects Simple School Managment System 1.0 allows SQL Injection via the ‘id’ parameter at “School/sub_delete.php?id=5.”2024-02-09not yet calculatedCVE-2024-25312
[email protected]
it_edge_soft — simple_school_management_systemCode-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.2024-02-09not yet calculatedCVE-2024-25313
[email protected]
kitty — kitty | KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-23749
kitty — kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-25003
kitty — kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-25004
libjwt — libjwt | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25189
libxml2 — libxml2 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | 2024-02-04 | not yet calculated | CVE-2024-25062
linea_grafica — linea_grafica | Path Traversal vulnerability in Linea Grafica “Multilingual and Multistore Sitemap Pro – SEO” (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction. | 2024-02-07 | not yet calculated | CVE-2024-24311
linux-pam — linux-pam | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | 2024-02-06 | not yet calculated | CVE-2024-22365
litespeed — litespeed_quick_(lsquic) | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 2024-02-09 | not yet calculated | CVE-2024-25678
logpoint — siem | The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | 2024-02-03 | not yet calculated | CVE-2023-49950
ltos-web-interface — meinberg_lantime_firmware | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | 2024-02-04 | not yet calculated | CVE-2021-46902
ltos-web-interface — meinberg_lantime_firmware | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | 2024-02-04 | not yet calculated | CVE-2021-46903
magic_software_enterprises — magic_xpi | The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | 2024-02-06 | not yet calculated | CVE-2023-52239
mail2world — business_control_center | Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. | 2024-02-07 | not yet calculated | CVE-2024-24130
malwarebytes_binisoft_windows_firewall_control — malwarebytes_binisoft_windows_firewall_control | Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | 2024-02-04 | not yet calculated | CVE-2024-25089
min — min | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | 2024-02-09 | not yet calculated | CVE-2024-25677
mingsoft — mcms | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | 2024-02-05 | not yet calculated | CVE-2024-22567
misp — misp | An issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type. | 2024-02-09 | not yet calculated | CVE-2024-25674
misp — misp | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | 2024-02-09 | not yet calculated | CVE-2024-25675
n-able — n-central | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | 2024-02-08 | not yet calculated | CVE-2023-47132
ncr_atleos — terminal_handler | Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. | 2024-02-08 | not yet calculated | CVE-2023-47020
ncr_atleos — terminal_handler | Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | 2024-02-06 | not yet calculated | CVE-2023-47022
npm — ip_package | An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. | 2024-02-08 | not yet calculated | CVE-2023-42282
oaooa — pichome | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | 2024-02-08 | not yet calculated | CVE-2024-24393
octane877 — employee_management_system | SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components. | 2024-02-08 | not yet calculated | CVE-2024-24497
octane877 — employee_management_system | Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component. | 2024-02-08 | not yet calculated | CVE-2024-24498
octane877 — employee_management_system | SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component. | 2024-02-08 | not yet calculated | CVE-2024-24499
october — october_cms | Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | 2024-02-08 | not yet calculated | CVE-2023-25365
opoendroneid — opendroneid_osm | An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | 2024-02-06 | not yet calculated | CVE-2024-22519
p-quic — pquic | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | 2024-02-09 | not yet calculated | CVE-2024-25679
paessler — prtg_network_monitor | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21182. | 2024-02-08 | not yet calculated | CVE-2023-51630
php-jwt — php-jwt | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25191
plone — plone | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | 2024-02-05 | not yet calculated | CVE-2024-23054
plone — plone | The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. | 2024-02-08 | not yet calculated | CVE-2024-23756
presta_monster — hsmultiaccessoriespro | SQL injection vulnerability in Presta Monster “Multi Accessories Pro” (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). | 2024-02-09 | not yet calculated | CVE-2023-50026
prestashop — boostmyshop | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | 2024-02-09 | not yet calculated | CVE-2024-24308
prestashop — mailjet | In the module “Mailjet” (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. | 2024-02-07 | not yet calculated | CVE-2024-24304
prestashop — op’art_easy_redirect | PrestaShop Op’art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher(). | 2024-02-08 | not yet calculated | CVE-2023-50061
prestashop — rm_bookingcalendar | SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | 2024-02-07 | not yet calculated | CVE-2023-46914
purslane_ltd — rustdesk | A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor’s position is “we do not have EV cert, so we use test cert as a workaround.” Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | 2024-02-06 | not yet calculated | CVE-2024-25140
remyandrade — daily_habit_tracker | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | 2024-02-08 | not yet calculated | CVE-2024-24494
remyandrade — daily_habit_tracker | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. | 2024-02-08 | not yet calculated | CVE-2024-24496
reprise — license_management_software | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | 2024-02-03 | not yet calculated | CVE-2023-43183
reprise — license_management_software | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | 2024-02-03 | not yet calculated | CVE-2023-44031
schuhfried — schuhfried | An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | 2024-02-07 | not yet calculated | CVE-2023-38995
setor_informatica — s_i_l | Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | 2024-02-08 | not yet calculated | CVE-2024-24034
sharp_nec_display_solutions_ltd — mutiple_products | Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request. | 2024-02-05 | not yet calculated | CVE-2023-7077
shenzen_tenda_technology — cp3v2 | An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | 2024-02-07 | not yet calculated | CVE-2024-24488
sofware_publico — e-sic_livre | File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | 2024-02-08 | not yet calculated | CVE-2024-24350
sonicwall — sonicos | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 2024-02-08 | not yet calculated | CVE-2024-22394
sourcecodester — event_student_attendance_system | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the ‘student’ parameter. | 2024-02-09 | not yet calculated | CVE-2024-25302
stimulsoft — stimulsoft_dashboard | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | 2024-02-05 | not yet calculated | CVE-2024-24396
stimulsoft — stimulsoft_dashboard | Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. | 2024-02-06 | not yet calculated | CVE-2024-24398
stock_management_system — stock_management_system | SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | 2024-02-05 | not yet calculated | CVE-2023-51951
supabase — database | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. | 2024-02-08 | not yet calculated | CVE-2024-24213
superwebmailer — superwebmailer | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. | 2024-02-07 | not yet calculated | CVE-2024-24131
symphony — symphony | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 2024-02-05 | not yet calculated | CVE-2024-23049
tenda — ac9 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | 2024-02-05 | not yet calculated | CVE-2024-24543
veeam — recovery_orchestrator | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | 2024-02-07 | not yet calculated | CVE-2024-22021
veeam — recovery_orchestrator | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | 2024-02-07 | not yet calculated | CVE-2024-22022
vim — vim | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. | 2024-02-05 | not yet calculated | CVE-2024-22667
withsecure — withsecure_client_security | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later. | 2024-02-08 | not yet calculated | CVE-2024-23764
xmall – xmall | xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | 2024-02-06 | not yet calculated | CVE-2024-24112
xuxueli — xxl-job | xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | 2024-02-08 | not yet calculated | CVE-2024-24113
yealink — yealink_meeting_server | Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | 2024-02-08 | not yet calculated | CVE-2024-24091
yzmcms — yzmcms | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | 2024-02-06 | not yet calculated | CVE-2024-24291
