US-CERT Vulnerability Summary for the Week of January 1, 2024

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
7-card — fakabaoA vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7183
[email protected]
[email protected]
[email protected]
7-card — fakabaoA vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249386 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7184
[email protected]
[email protected]
[email protected]
7-card — fakabaoA vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249387. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7185
[email protected]
[email protected]
[email protected]
7-card — fakabaoA vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7186
[email protected]
[email protected]
[email protected]
amazon-ion — ion-javaAmazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.2024-01-037.5CVE-2024-21634
[email protected]
apache — dolphinschedulerImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.2023-12-308.8CVE-2023-49299
[email protected]
[email protected]
apktool — apktoolApktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files’ output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either username is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.2024-01-037.8CVE-2024-21633
[email protected]
[email protected]
campcodes — chic_beauty_salonA vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.2023-12-298.8CVE-2023-7150
[email protected]
[email protected]
[email protected]
[email protected]
campcodes — online_college_library_systemA vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability.2023-12-299.8CVE-2023-7156
[email protected]
[email protected]
[email protected]
campcodes — online_college_library_systemA vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability.2023-12-307.2CVE-2023-7178
[email protected]
[email protected]
[email protected]
campcodes — online_college_library_systemA vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363.2023-12-308.8CVE-2023-7176
[email protected]
[email protected]
[email protected]
campcodes — online_college_library_systemA vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364.2023-12-308.8CVE-2023-7177
[email protected]
[email protected]
[email protected]
campcodes — online_college_library_systemA vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability.2023-12-308.8CVE-2023-7179
[email protected]
[email protected]
[email protected]
cesanta — mjsAn issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.2024-01-027.5CVE-2023-49550
[email protected]
cesanta — mjsAn issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.2024-01-027.5CVE-2023-49551
[email protected]
cloudflare,_inc. — miniflareSending specially crafted HTTP requests to Miniflare’s server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.2023-12-298.1CVE-2023-7078
[email protected]
[email protected]
cloudflare,_inc. — wranglerThe V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev –remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in [email protected] and [email protected]. Whilst wrangler dev’s inspector server listens on local interfaces by default as of [email protected], an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7  (CVE-2023-7078) allowed access from the local network until [email protected]. [email protected] and [email protected] introduced validation for the Origin/Host headers.2023-12-298CVE-2023-7080
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
code-projects — client_details_systemA vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144.2023-12-299.8CVE-2023-7141
[email protected]
[email protected]
[email protected]
code-projects — client_details_systemA vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability.2023-12-299.8CVE-2023-7142
[email protected]
[email protected]
[email protected]
code-projects — college_notes_galleryA vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249133 was assigned to this vulnerability.2023-12-318.8CVE-2023-7130
[email protected]
[email protected]
[email protected]
codeastro — online_food_ordering_systemA vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.2024-01-057.3CVE-2024-0247
[email protected]
[email protected]
[email protected]
coolkit_technology — ewelink-smart_home_for_android_and_iosImproper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.2023-12-307.7CVE-2023-6998
[email protected]
[email protected]
[email protected]
dedebiz — dedebizA vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-307.2CVE-2023-7181
[email protected]
[email protected]
[email protected]
documize — documizeSQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.2023-12-299.8CVE-2023-23634
[email protected]
easy-rules-mvel — easy-rules-mveleasy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule.2023-12-297.8CVE-2023-50571
[email protected]
ekol_informatics — website_templateImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215.2024-01-029.8CVE-2023-6436
[email protected]
embras — geosiap_erpGrupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page.2023-12-309.8CVE-2023-50589
[email protected]
[email protected]
[email protected]
flarum — flarumFlarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.2024-01-057.5CVE-2024-21641
[email protected]
[email protected]
[email protected]
follow-redirects — follow-redirectsVersions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.2024-01-027.3CVE-2023-26159
[email protected]
[email protected]
[email protected]
froxlor — froxlorFroxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.2024-01-037.5CVE-2023-50256
[email protected]
[email protected]
[email protected]
gm_information_technologies — multi-disciplinary_design_optimizationImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-299.8CVE-2023-4675
[email protected]
google — androidIn Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895).2024-01-027.5CVE-2023-32889
[email protected]
google — google_nest_miniAn attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 2024-01-0210CVE-2023-48419
[email protected]
google — pixel_watch In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation2024-01-0210CVE-2023-48418
[email protected]
google — pixel_watchThere is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.2024-01-028.4CVE-2023-4164
[email protected]
google — wifi_proGoogle Nest WiFi Pro root code-execution & user-data compromise2024-01-0210CVE-2023-6339
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.  The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.2024-01-038.8CVE-2023-45722
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.2024-01-038.2CVE-2023-45724
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.2024-01-038.3CVE-2023-50343
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.2024-01-038.2CVE-2023-50350
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.2024-01-038.2CVE-2023-50351
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.2024-01-037.6CVE-2023-45723
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a “Missing Access Control” vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.2024-01-037.6CVE-2023-50341
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A user can obtain certain details about another user as a result of improper access control.2024-01-037.1CVE-2023-50342
[email protected]
hihonor — magic_osSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.2023-12-297.5CVE-2023-23427
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.2023-12-297.5CVE-2023-23428
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.2023-12-297.5CVE-2023-23429
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file2023-12-297.1CVE-2023-23435
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file2023-12-297.1CVE-2023-23436
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.2023-12-297.1CVE-2023-23442
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.2023-12-297.1CVE-2023-23443
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak.2023-12-297.1CVE-2023-51426
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.2023-12-297.1CVE-2023-51427
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_osSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.2023-12-297.1CVE-2023-51428
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_uiSome Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.2023-12-297.8CVE-2023-51434
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_uiSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.2023-12-297.1CVE-2023-51435
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magichomeSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.2023-12-297.5CVE-2023-23430
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmwareSome Honor products are affected by file writing vulnerability, successful exploitation could cause code execution2023-12-299.8CVE-2023-23424
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmwareSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.2023-12-297.1CVE-2023-23431
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmwareSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.2023-12-297.1CVE-2023-23432
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmwareSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.2023-12-297.1CVE-2023-23433
3836d913-7555-4dd0-a509-f5667fdf5fe4
hitachi_energy — rtu500_series_cmu_firmwareA vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.2024-01-047.5CVE-2022-2081
[email protected]
hospital_management_system — hospital_management_systemA vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.2023-12-307.3CVE-2023-7172
[email protected]
[email protected]
[email protected]
[email protected]
jeecg — jeecg_bootSQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.2023-12-309.8CVE-2023-41542
[email protected]
jeecg — jeecg_bootSQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.2023-12-309.8CVE-2023-41543
[email protected]
[email protected]
jeecg — jeecg_bootSSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.2023-12-309.8CVE-2023-41544
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘itemnameid’ parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49622
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cancelid’ parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49624
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49625
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘buyer_address’ parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49633
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘customer_details’ parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49639
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bank_details’ parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49658
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘quantity[]’ parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49665
[email protected]
[email protected]
kashipara_group — billing_softwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘custmer_details’ parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-49666
[email protected]
[email protected]
kashipara_group — online_notice_board_systemOnline Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-50743
[email protected]
[email protected]
kashipara_group — online_notice_board_systemOnline Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘e’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-50752
[email protected]
[email protected]
kashipara_group — online_notice_board_systemOnline Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-50753
[email protected]
kashipara_group — online_notice_board_system | Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘f’ parameter of the user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 2024-01-04 | 8.8 | CVE-2023-50760
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50862
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50863
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelId’ parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50864
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘city’ parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50865
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50866
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50867
laf — laf | Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. | 2024-01-03 | 9.6 | CVE-2023-50253
lenovo — universal_device_client | Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 2024-01-03 | 7.8 | CVE-2023-6338
linux — kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial-of-service condition or potential code execution. | 2024-01-04 | 7 | CVE-2023-6270
linux — kernel | A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. | 2024-01-02 | 7.8 | CVE-2024-0193
man-group — dtale | D-Tale is a visualizer for Pandas data structures. Users hosting versions of D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to host D-Tale only for trusted users. | 2024-01-05 | 7.5 | CVE-2024-21642
masterlab — masterlab | A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. | 2023-12-29 | 9.8 | CVE-2023-7144
masterlab — masterlab | A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. | 2023-12-29 | 9.8 | CVE-2023-7145
masterlab — masterlab | A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7146
masterlab — masterlab | A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7147
masterlab — masterlab | A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7159
mattermost — mattermost | Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | 2023-12-29 | 8.8 | CVE-2023-7114
mediatek — lr13 | In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893). | 2024-01-02 | 9.8 | CVE-2023-32874
mediatek — lr13 | In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). | 2024-01-02 | 7.5 | CVE-2023-32890
mediatek — nr15 | In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | 2024-01-02 | 7.5 | CVE-2023-32886
mediatek — nr15 | In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | 2024-01-02 | 7.5 | CVE-2023-32887
mediatek — nr15 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). | 2024-01-02 | 7.5 | CVE-2023-32888
micropython — micropython | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7152
micropython — micropython | A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | 2023-12-29 | 9.8 | CVE-2023-7158
microsoft — python_extension | Visual Studio Code Python Extension Remote Code Execution Vulnerability | 2023-12-29 | 7.8 | CVE-2020-17163
misskey — misskey | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user’s permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). | 2023-12-29 | 9.6 | CVE-2023-52139
mtab — bookmark | A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.1 | CVE-2023-7193
netentsec — application_security_gateway_firmware | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. | 2023-12-29 | 9.8 | CVE-2023-7161
omniauth-microsoft_graph — omniauth-microsoft_graph | omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. | 2024-01-02 | 8.6 | CVE-2024-21632
otclient — otclient | OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue. | 2024-01-02 | 9.8 | CVE-2024-21623
paddlepaddle — paddlepaddle | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 2024-01-03 | 9.8 | CVE-2023-52304
paddlepaddle — paddlepaddle | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 2024-01-03 | 9.8 | CVE-2023-52307
paddlepaddle — paddlepaddle | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage. | 2024-01-03 | 9.8 | CVE-2023-52309
paddlepaddle — paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52310
paddlepaddle — paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52311
paddlepaddle — paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52314
paddlepaddle — paddlepaddle | FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38674
paddlepaddle — paddlepaddle | FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38675
paddlepaddle — paddlepaddle | Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38676
paddlepaddle — paddlepaddle | FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38677
paddlepaddle — paddlepaddle | OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38678
paddlepaddle — paddlepaddle | Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52302
paddlepaddle — paddlepaddle | Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52303
paddlepaddle — paddlepaddle | FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52305
paddlepaddle — paddlepaddle | FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52306
paddlepaddle — paddlepaddle | FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52308
paddlepaddle — paddlepaddle | Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52312
paddlepaddle — paddlepaddle | FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52313
pandorafms — pandora_fms | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 8.8 | CVE-2023-44088
perl — perl | A vulnerability was found in Perl. This security issue occurs because Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | 2024-01-02 | 7.8 | CVE-2023-47039
poly — multiple_products | A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. | 2023-12-29 | 7.5 | CVE-2023-4463
poly — multiple_products | A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. | 2023-12-29 | 7.2 | CVE-2023-4464
poly — trio_8800/trio_c60 | A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | 2023-12-29 | 7.6 | CVE-2023-4468
prestashop — prestashop | PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize HTML input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. | 2024-01-02 | 8.1 | CVE-2024-21627
priva — topcontrol_suite | The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite. | 2024-01-02 | 7.5 | CVE-2022-3010
qnap_systems_inc. — qts/quts_hero | A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have an incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later. | 2024-01-05 | 7.5 | CVE-2023-39296
qnap_systems_inc. — qumagie | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. | 2024-01-05 | 7.4 | CVE-2023-47560
qnap_systems_inc. — video_station | An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later. | 2024-01-05 | 8.8 | CVE-2023-41288
qualcomm,_inc. — snapdragon | Memory corruption in Data Modem when a non-standard SDP body is received during a VoLTE call. | 2024-01-02 | 9.8 | CVE-2023-33025
qualcomm,_inc. — snapdragon | Memory corruption in HLOS while running the PlayReady use-case. | 2024-01-02 | 9.3 | CVE-2023-33030
qualcomm,_inc. — snapdragon | Memory corruption in TZ Secure OS while requesting a memory allocation from the TA region. | 2024-01-02 | 9.3 | CVE-2023-33032
qualcomm,_inc. — snapdragon | Memory corruption in Audio during playback with speaker protection. | 2024-01-02 | 8.4 | CVE-2023-33033
qualcomm,_inc. — snapdragon | Memory corruption while running VK synchronization with KASAN enabled. | 2024-01-02 | 8.4 | CVE-2023-33094
qualcomm,_inc. — snapdragon | Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. | 2024-01-02 | 8.4 | CVE-2023-33108
qualcomm,_inc. — snapdragon | Memory corruption when the resource manager sends the host kernel a reply message with multiple fragments. | 2024-01-02 | 8.4 | CVE-2023-33113
qualcomm,_inc. — snapdragon | Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. | 2024-01-02 | 8.4 | CVE-2023-33114
qualcomm,_inc. — snapdragon | Memory corruption while invoking IOCTL calls from user space for internal mem MAP and internal mem UNMAP. | 2024-01-02 | 8.4 | CVE-2023-43514
qualcomm,_inc. — snapdragon | Information disclosure in Core services while processing a Diag command. | 2024-01-02 | 7.6 | CVE-2023-33014
qualcomm,_inc. — snapdragon | Permanent DOS in Hypervisor while an untrusted VM without PSCI support makes a PSCI call. | 2024-01-02 | 7.1 | CVE-2023-33036
qualcomm,_inc. — snapdragon | Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | 2024-01-02 | 7.1 | CVE-2023-33037
qualcomm,_inc. — snapdragon | Transient DOS in Data Modem during DTLS handshake. | 2024-01-02 | 7.5 | CVE-2023-33040
qualcomm,_inc. — snapdragon | Transient DOS in WLAN Firmware while parsing a BTM request. | 2024-01-02 | 7.5 | CVE-2023-33062
qualcomm,_inc. — snapdragon | Memory corruption in wearables while processing data from AON. | 2024-01-02 | 7.8 | CVE-2023-33085
qualcomm,_inc. — snapdragon | Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 2024-01-02 | 7.5 | CVE-2023-33109
qualcomm,_inc. — snapdragon | The session index variable in the PCM host voice audio driver is initialized before PCM open, accessed during the event callback from ADSP and reset during PCM close; this may lead to a race condition between the event callback and PCM close resetting the session index, causing memory corruption. | 2024-01-02 | 7.8 | CVE-2023-33110
qualcomm,_inc. — snapdragon | Transient DOS when WLAN firmware receives a “reassoc response” frame including a RIC_DATA element. | 2024-01-02 | 7.5 | CVE-2023-33112
qualcomm,_inc. — snapdragon | Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver. | 2024-01-02 | 7.5 | CVE-2023-33116
qualcomm,_inc. — snapdragon | Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to the AVCS_LOAD_MODULE command. | 2024-01-02 | 7.8 | CVE-2023-33117
qualcomm,_inc. — snapdragon | Memory corruption while processing the Listen Sound Model client payload buffer when there is a request for a Listen Sound session get parameter from ST HAL. | 2024-01-02 | 7.8 | CVE-2023-33118
qualcomm,_inc. — snapdragon | Memory corruption in Audio when the memory map command is executed consecutively in ADSP. | 2024-01-02 | 7.8 | CVE-2023-33120
qualcomm,_inc. — snapdragon | Transient DOS while parsing the IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 2024-01-02 | 7.5 | CVE-2023-43511
qualcomm,_inc. — snapdragon | Transient DOS while parsing GATT service data when the total amount of memory required by the multiple services is greater than the actual size of the services buffer. | 2024-01-02 | 7.5 | CVE-2023-43512
red_hat — red_hat_developer_hubA flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.2024-01-047.3CVE-2023-6944
[email protected]
[email protected]
s-cms — s-cmsA vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7189
[email protected]
[email protected]
[email protected]
s-cms — s-cmsA vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7190
[email protected]
[email protected]
[email protected]
s-cms — s-cmsA vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7191
[email protected]
[email protected]
[email protected]
scone — sconeImproper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.2023-12-307.8CVE-2022-46487
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
shifuml — shifuA vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151.2023-12-298.1CVE-2023-7148
[email protected]
[email protected]
[email protected]
shipping_100_fahuo100 — shipping_100_fahuo100A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.1CVE-2023-7188
[email protected]
[email protected]
[email protected]
sidequestvr — sidequestSideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.2024-01-048.8CVE-2024-21625
[email protected]
siemens — syngo_fastviewA vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)2024-01-047.8CVE-2021-40367
[email protected]
siemens — syngo_fastviewA vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860)2024-01-047.8CVE-2021-42028
[email protected]
siemens — syngo_fastviewA vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)2024-01-047.8CVE-2021-45465
[email protected]
silicon_labs — gecko_sdkAn unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.2024-01-029.3CVE-2023-4280
[email protected]
[email protected]
small_crm — small_crmPHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of “password” parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.2023-12-299.8CVE-2023-50035
[email protected]
sourcecodester — customer_support_systemSourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.2023-12-298.8CVE-2023-50070
[email protected]
[email protected]
sourcecodester — customer_support_systemSourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.2023-12-298.8CVE-2023-50071
[email protected]
[email protected]
sourcecodester — engineers_online_portalA vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440.2024-01-017.3CVE-2024-0182
sourcecodester — free_and_open_source_inventory_management_systemA vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179.2023-12-299.8CVE-2023-7157
sourcecodester — free_and_open_source_inventory_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability.2023-12-298.8CVE-2023-7155
sqlite — sqlite3A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.2023-12-299.8CVE-2023-7104
tencent — tencent_distributed_sqlTencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.2023-12-317.5CVE-2023-52286
testlink — testlinkTestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.2023-12-307.5CVE-2023-50110
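The TestLink entry says only that `===` is not used, so the comparison site below is illustrative. This added example (not TestLink's code) shows why a loose `==` between two hash strings can authenticate the wrong value, and what the strict fix looks like. The two digests are real MD5 outputs; nothing else here comes from the project.

```php
<?php
// Added example (not TestLink's code): the entry says only that === is not
// used, so the comparison site below is illustrative. It shows why a loose
// == on two hash strings can authenticate the wrong value, and the strict fix.
declare(strict_types=1);

// Genuine MD5 digests of "240610708" and "QNKCDZO". Both have the form
// 0e<digits>, which PHP reads as a numeric string in scientific notation:
// under == each becomes float 0 and they compare equal. PHP 8 kept numeric
// string vs numeric string comparison numeric, so this still holds.
const STORED_HASH    = '0e462097431906509019562988736854';
const CANDIDATE_HASH = '0e830400451993494058024219903391';

function looseCheck(string $stored, string $candidate): bool {
    return $stored == $candidate;      // vulnerable: type juggling
}

function strictCheck(string $stored, string $candidate): bool {
    return $stored === $candidate;     // fixed: same type, same bytes
}

// Audit helper: a stored digest of this shape can be matched by any input
// whose digest is also 0e<digits> when the application compares with ==.
function isJugglableDigest(string $digest): bool {
    return preg_match('/\A0e\d+\z/', $digest) === 1;
}

printf("inputs are real digests: %s\n",
    (md5('240610708') === STORED_HASH && md5('QNKCDZO') === CANDIDATE_HASH) ? 'yes' : 'no');
printf("loose  ==  : %s\n", looseCheck(STORED_HASH, CANDIDATE_HASH) ? 'MATCH (bypass)' : 'no match');
printf("strict === : %s\n", strictCheck(STORED_HASH, CANDIDATE_HASH) ? 'MATCH' : 'no match');
printf("stored digest jugglable: %s\n", isJugglableDigest(STORED_HASH) ? 'yes' : 'no');
```

For credential comparisons `hash_equals()` is the better fix: it is strict like `===` and also runs in constant time. The audit helper is useful against a user table: any stored digest matching `0e<digits>` is reachable by an attacker who can find a second input with a digest of the same shape, which for MD5 takes minutes of brute force.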
tj-actions — verify-changed-filesThe [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. Filenames can contain special characters such as `;`, which an attacker can use to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used raw (that is, substituted directly into the script before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if the workflow is triggered on events other than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths with special characters escaped for bash environments.2023-12-297.7CVE-2023-52137
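The injection described above, as an added example that is not tj-actions code: a pull-request author controls the names of changed files, so a filename pasted raw into a `run` block is a command. PHP's `escapeshellarg()` wraps each name as one single-quoted shell word, the same idea as the advisory's `safe_output` escaping for bash. The filenames and the step output name are constructed; the injected command is a harmless `echo`.

```php
<?php
// Added example (not tj-actions code): a pull-request author controls the
// names of changed files, so a filename pasted raw into a run: block is a
// command. escapeshellarg() wraps each name as one single-quoted shell word,
// which is the same idea as the advisory's safe_output escaping for bash.
// The filenames are constructed; the injected command is a harmless echo.
declare(strict_types=1);

const CHANGED_FILES = [
    'src/app.php',
    'docs/readme.md',
    'x; echo INJECTED; #.txt',   // legal filename, chosen by the attacker
];

// Mirrors `echo "Changed files:" ${{ steps.changed.outputs.changed_files }}`:
// GitHub substitutes the text before bash parses the line.
function rawRunLine(array $files): string {
    return 'echo "Changed files:" ' . implode(' ', $files);
}

// Same command, but every filename is one quoted argument; `;` and `#`
// are data, not syntax.
function escapedRunLine(array $files): string {
    return 'echo "Changed files:" ' . implode(' ', array_map('escapeshellarg', $files));
}

function runInBash(string $line): string {
    // bash -c, as on a GitHub-hosted Linux runner; the outer escapeshellarg
    // only delivers $line to bash unchanged.
    return (string) shell_exec('bash -c ' . escapeshellarg($line) . ' 2>&1');
}

echo "--- raw substitution ---\n", runInBash(rawRunLine(CHANGED_FILES));
echo "--- escaped ---\n",          runInBash(escapedRunLine(CHANGED_FILES));
```

In the raw case bash sees `x;` end the `echo`, runs `echo INJECTED`, and treats `#.txt` as a comment; in the escaped case the whole filename is printed as one word. Independently of the action's own escaping, GitHub's hardening guidance is to never interpolate `${{ }}` expressions into `run` scripts at all: put the output into an `env:` variable and reference it as `"$CHANGED_FILES"`, so the shell only ever sees it as data.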
totolink — n350rt_firmwareA vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7187
totolink — x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.2023-12-309.8CVE-2023-51133
totolink — x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.2023-12-309.8CVE-2023-51135
totolink — x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.2023-12-309.8CVE-2023-51136
totolink — x6000r_firmwareTOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.2023-12-309.8CVE-2023-50651
unified_remote — unified_remoteUnified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.2023-12-309.8CVE-2023-52252
ween_software — admin_panelImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-299.8CVE-2023-4541
wireshark_foundation — wiresharkHTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0207
wireshark_foundation — wiresharkGVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0208
wireshark_foundation — wiresharkIEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0209
wireshark_foundation — wiresharkZigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0210
wireshark_foundation — wiresharkDOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0211
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin through 2.7.1.2024-01-0510CVE-2022-46839
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN through 4.0.2023-12-2910CVE-2023-51475
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker through 10.6.6.2023-12-299.8CVE-2023-25054
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps through 3.18.3.2023-12-299.8CVE-2023-51411
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms through 1.0.25.2023-12-299.8CVE-2023-51412
wordpress — wordpressDeserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters through 2.1.2023-12-299.8CVE-2023-51414
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome through 1.11.10.7.2023-12-299.8CVE-2023-51419
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2.2023-12-299.9CVE-2023-51421
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0.2023-12-319.8CVE-2023-51423
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.10.1.2023-12-299.8CVE-2023-51468
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP through 7.1.9.6.2023-12-319.8CVE-2023-51469
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin through 2.0.3.2023-12-299.8CVE-2023-51473
wordpress — wordpressDeserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store through 1.0.6.2023-12-299.8CVE-2023-51505
wordpress — wordpressDeserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user through 1.0.1.2023-12-319.8CVE-2023-52181
wordpress — wordpressMissing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg through 1.4.12.2023-12-298.8CVE-2023-22676
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet through 2.1.8.2023-12-298.8CVE-2023-22677
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files through 1.0.1.2023-12-298.8CVE-2023-32095
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor through 2.6.10.2023-12-318.8CVE-2023-39157
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in TienCOP WP EXtra. This issue affects WP EXtra through 6.2.2023-12-298.8CVE-2023-46623
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons through 1.5.2.2023-12-298.8CVE-2023-47840
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro through 4.3.1.2023-12-298.8CVE-2023-49830
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API through 4.10.1.2023-12-298.8CVE-2023-50878
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve through 2.5.1.2023-12-298.8CVE-2023-50902
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking through 4.5.33.2023-12-298.8CVE-2023-51354
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms through 1.0.1.2023-12-298.8CVE-2023-51358
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder. This issue affects Rise Blocks – A Complete Gutenberg Page Builder through 3.1.2023-12-298.8CVE-2023-51378
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder through 3.19.17.2023-12-298.8CVE-2023-51402
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log through 1.1.2.2023-12-298.8CVE-2023-51410
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons through 1.2.3.2023-12-298.8CVE-2023-51417
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2.2023-12-298.8CVE-2023-51420
wordpress — wordpressDeserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0.2023-12-298.8CVE-2023-51422
wordpress — wordpressDeserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.11.1.2023-12-298.8CVE-2023-51470
wordpress — wordpressCross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments through 1.4.4.2023-12-298.8CVE-2023-51545
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WhileTrue Most And Least Read Posts Widget. This issue affects Most And Least Read Posts Widget through 2.5.16.2023-12-318.8CVE-2023-52133
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor before 2.12.5.2024-01-058.8CVE-2023-52150
wordpress — wordpressDeserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. This issue affects ARI Stream Quiz – WordPress Quizzes Builder through 1.3.0.2023-12-318.8CVE-2023-52182
wordpress — wordpressThe OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin’s settings, which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches; we consider 5.7.10 to be the most sufficiently patched version.2024-01-038.6CVE-2023-6600
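A settings handler hooked on `admin_init` in the shape the OMGF entry describes, as an added example that is not the plugin's code: first without, then with the checks a WordPress plugin needs. Option, nonce and field names are illustrative; the functions used are WordPress core APIs, so this runs inside WordPress rather than stand-alone.

```php
<?php
// Added example (not the OMGF plugin's code): a settings handler hooked on
// admin_init in the shape the entry describes, first without and then with
// the authorization checks a WordPress plugin needs. Option, nonce and field
// names are illustrative. Runs inside WordPress; only core APIs are used.

// VULNERABLE: admin_init fires on every /wp-admin/ request, including
// admin-ajax.php calls from visitors who are not logged in, so this stores
// whatever the request body says without asking who sent it.
function example_update_settings_unsafe(): void {
    if (isset($_POST['example_settings'])) {
        update_option('example_settings', $_POST['example_settings']);
    }
}
// add_action('admin_init', 'example_update_settings_unsafe');   // the buggy wiring

// HARDENED: capability check, nonce check (CSRF), and per-field sanitization.
function example_update_settings_safe(): void {
    if (!isset($_POST['example_settings'])) {
        return;
    }
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to change these settings.', 'example'), 403);
    }
    // The settings form must emit wp_nonce_field('example_update_settings', 'example_nonce').
    check_admin_referer('example_update_settings', 'example_nonce');

    $in  = wp_unslash((array) $_POST['example_settings']);
    $out = [
        'display_option' => sanitize_key($in['display_option'] ?? ''),
        'cache_dir'      => example_validate_cache_dir((string) ($in['cache_dir'] ?? '')),
    ];
    update_option('example_settings', $out);
}
add_action('admin_init', 'example_update_settings_safe');

// The entry notes the unauthenticated settings write could be used to delete
// entire directories. Accepting only a bare directory name, joined later under
// a fixed base, removes that primitive even if a check above were ever bypassed.
function example_validate_cache_dir(string $candidate): string {
    return preg_match('/\A[a-z0-9_-]{1,64}\z/', $candidate) === 1 ? $candidate : 'example-cache';
}

// Wherever the plugin consumes the setting it re-validates the stored value
// rather than trusting it as a path.
function example_cache_dir_path(): string {
    $settings = (array) get_option('example_settings', []);
    $name     = example_validate_cache_dir((string) ($settings['cache_dir'] ?? ''));
    return trailingslashit(WP_CONTENT_DIR) . 'uploads/' . $name;
}
```

The capability check answers "is this user allowed to do this", the nonce answers "did this user intend to do it now", and neither substitutes for the other; the entry's "several attempted patches" is the usual result of adding one without the other. Sanitizing each field to its expected shape is what closes the stored XSS.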
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login through 5.6.1.2023-12-297.5CVE-2022-44589
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress through 2.5.21.2023-12-297.2CVE-2023-40606
wordpress — wordpressImproper Control of Generation of Code (‘Code Injection’) vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension through 2.0.3.2023-12-297.2CVE-2023-45751
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form through 2.06.2023-12-297.2CVE-2023-50837
wordpress — wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway through 7.6.1.2024-01-057.5CVE-2023-51502
wordpress — wordpressAuthorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo through 6.9.2.2023-12-317.5CVE-2023-51503
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4 through 1.8.2.2023-12-297.5CVE-2023-51527
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin through 1.7.6.2023-12-317.2CVE-2023-51547
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple through 1.7.6.2023-12-297.5CVE-2023-51687
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress through 3.3.26.2023-12-297.5CVE-2023-51688
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Zinc Page Generator. This issue affects Page Generator through 1.7.1.2023-12-317.2CVE-2023-52131
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jewel Theme WP Adminify. This issue affects WP Adminify through 3.1.6.2023-12-317.2CVE-2023-52132
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress through 4.0.2.2023-12-317.2CVE-2023-52134
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress through 1.9.170.2023-12-297.2CVE-2023-52135
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout through 1.2.2.37.2024-01-057.5CVE-2023-52143
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes through 8.1.0.2023-12-317.6CVE-2023-52180
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin through 2.1.9.2023-12-317.5CVE-2023-52185
wordpress — wordpressThe POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-037.2CVE-2023-7027
wordpress — wordpressDeserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons through 4.3.0.2023-12-319.1CVE-2023-49777
xnview — xnview_classicXnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.2023-12-299.8CVE-2023-52173
xnview — xnview_classicXnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.2023-12-299.8CVE-2023-52174
yaztek_software_technologies_and_computer_systems — e-commerce_softwareImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-299.8CVE-2023-4674
zzcms — zzcmsZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to gain server privileges and execute arbitrary code.2023-12-299.8CVE-2023-50104


Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
antisamy-dotnet — antisamy-dotnetOWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also, it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `<tagrules>` node or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don’t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.2024-01-026.1CVE-2023-51652
campcodes — online_college_library_systemA vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability.2023-12-304.7CVE-2023-7175
cloudflare,_inc. — wranglerSending specially crafted HTTP requests and inspector messages to Wrangler’s dev server could result in any file on the user’s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.2023-12-295.7CVE-2023-7079
cloudflare,_inc. — zlibCloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.2024-01-044CVE-2023-6992
code-projects — client_details_systemA vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability.2023-12-294.8CVE-2023-7143
code-projects — qr_code_generatorA vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input “><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability.2023-12-296.1CVE-2023-7149
codeastro — internet_banking_systemA vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.2024-01-026.3CVE-2024-0194
craft_cms — craft_cmsCraft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.2024-01-035.4CVE-2024-21622
cubefs — cubefsCubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the amount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory than the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment; otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading.2024-01-036.5CVE-2023-46738
cubefs — cubefsCubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading.2024-01-036.5CVE-2023-46739
cubefs — cubefsCubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user, thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the “accessKey”, CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator to guess a user’s access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade.2024-01-036.5CVE-2023-46740
cubefs — cubefsCubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs, which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has successfully retrieved a secret key from the logs can delete blobs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading.2024-01-034.8CVE-2023-46741
cubefs — cubefsCubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak user’s secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the user’s secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.2024-01-034.8CVE-2023-46742
[email protected]
[email protected]
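Both entries above (CVE-2023-46741 and CVE-2023-46742) are the same failure mode: key material formatted into log lines. One Go example serves both; it is added here and is not CubeFS code. The `User` struct, its field names and the sample log lines are constructed, and the two layers it shows are a `String()` method that keeps whole records from being printed raw, and a scrubber for free-text lines that were formatted elsewhere.

```go
package main

import (
	"fmt"
	"regexp"
)

// User stands in for an account record; the field names are assumed, not
// taken from any real project.
type User struct {
	ID        string
	AccessKey string
	SecretKey string
}

// String is what fmt's %v/%+v and the standard log package call when a User
// value is printed, so redacting here stops a whole struct from landing in
// the log by accident. A 4-character prefix of the access key is kept so
// operators can still correlate log lines with an account. Note that %#v
// and reflection-based dumpers bypass String(); ScrubLine covers those paths.
func (u User) String() string {
	return fmt.Sprintf("User{ID:%s AccessKey:%s SecretKey:[REDACTED]}", u.ID, keepPrefix(u.AccessKey))
}

func keepPrefix(s string) string {
	if len(s) <= 4 {
		return "[REDACTED]"
	}
	return s[:4] + "...[REDACTED]"
}

// secretPattern matches the value following an access/secret key name in
// either key=value or JSON "key":"value" form, case-insensitively. The value
// ends at whitespace, a quote, a comma or a closing brace.
var secretPattern = regexp.MustCompile(`(?i)(access_?key|secret_?key)("?\s*[:=]\s*"?)([^\s",}]+)`)

// ScrubLine is the last line of defence for free-text log lines written by
// code that formatted the secret itself: it replaces each captured value
// while leaving the key name and surrounding syntax intact.
func ScrubLine(line string) string {
	return secretPattern.ReplaceAllString(line, "${1}${2}[REDACTED]")
}

func main() {
	// Constructed log lines of the shape the advisory describes.
	lines := []string{
		`2024-01-03T10:00:00Z INFO create user id=bob accessKey=AKIA1234EXAMPLE secretKey=abcd/efgh+ijk= ok`,
		`{"event":"createUser","access_key":"AK123","secret_key":"s3cr3t"}`,
	}
	for _, l := range lines {
		fmt.Println(ScrubLine(l))
	}
	fmt.Println(User{ID: "bob", AccessKey: "AKIA1234EXAMPLE", SecretKey: "abcd/efgh+ijk="})
}
```

Run the scrubber as close to the sink as possible (a log writer wrapper, or the shipping agent) so it also catches lines from third-party libraries; the `String()` method alone only protects code that prints the struct as a value.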
google — android | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | 2024-01-02 | 6.7 | CVE-2023-32872
google — android | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | 2024-01-02 | 6.7 | CVE-2023-32877
google — android | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. | 2024-01-02 | 6.7 | CVE-2023-32879
google — android | In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. | 2024-01-02 | 6.7 | CVE-2023-32882
google — android | In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | 2024-01-02 | 6.7 | CVE-2023-32883
google — android | In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. | 2024-01-02 | 6.7 | CVE-2023-32884
google — android | In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685. | 2024-01-02 | 6.7 | CVE-2023-32885
google — android | In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. | 2024-01-02 | 6.7 | CVE-2023-32891
google — android | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. | 2024-01-02 | 4.4 | CVE-2023-32875
google — android | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. | 2024-01-02 | 4.4 | CVE-2023-32876
google — android | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. | 2024-01-02 | 4.4 | CVE-2023-32878
google — android | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. | 2024-01-02 | 4.4 | CVE-2023-32880
google — android | In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080. | 2024-01-02 | 4.4 | CVE-2023-32881
hail — hail | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to an address at `example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. | 2023-12-29 | 5.3 | CVE-2023-51663
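The general lesson of the Hail entry is that the `email` claim's domain is user-controlled on consumer accounts, so membership has to come from a claim the identity provider asserts about the account's tenancy. The Go example below is added here and is not Hail's code. It assumes the token signature, issuer and audience were already verified by an OIDC library, uses Google's `hd` (hosted domain, only set on Workspace accounts) and Microsoft's `tid` (tenant ID) as the provider-asserted signals, and the `Org` type, issuer string matching and all sample payloads are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is the subset of ID-token claims the check looks at. Signature,
// issuer and audience verification are assumed to have been done by the OIDC
// library before this point; this example is only about which claim may
// decide organisation membership.
type Claims struct {
	Iss           string `json:"iss"`
	Sub           string `json:"sub"`
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	HD            string `json:"hd"`  // Google: hosted (Workspace) domain, asserted by the IdP
	TID           string `json:"tid"` // Microsoft: tenant ID, asserted by the IdP
}

// Org is the hypothetical deployment's notion of "our organisation".
type Org struct {
	Domain        string // e.g. "example.org"
	AzureTenantID string // the tenant the organisation actually owns
}

// weakDomainCheck is the flawed rule: whatever follows the @ in the email
// claim decides membership. On a consumer account the user picks the email,
// so anyone can present an address under the organisation's domain.
func weakDomainCheck(c Claims, org Org) bool {
	i := strings.LastIndex(c.Email, "@")
	return i >= 0 && strings.EqualFold(c.Email[i+1:], org.Domain)
}

// strictDomainCheck only trusts claims the identity provider asserts about
// the account's tenancy and treats the email as display data. Which claim
// that is depends on the issuer, so an unknown issuer is an error, not a no.
func strictDomainCheck(c Claims, org Org) (bool, error) {
	switch {
	case c.Iss == "https://accounts.google.com" || c.Iss == "accounts.google.com":
		// hd is only present for Google Workspace accounts and is set by Google.
		return c.HD != "" && strings.EqualFold(c.HD, org.Domain), nil
	case strings.HasPrefix(c.Iss, "https://login.microsoftonline.com/"):
		// tid is the directory the account lives in; the v2.0 issuer URL embeds it too.
		return org.AzureTenantID != "" && c.TID == org.AzureTenantID &&
			strings.Contains(c.Iss, "/"+c.TID+"/"), nil
	default:
		return false, fmt.Errorf("unsupported issuer %q", c.Iss)
	}
}

// ParseClaims decodes the (already verified) token payload.
func ParseClaims(payload []byte) (Claims, error) {
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if c.Iss == "" || c.Sub == "" {
		return c, errors.New("claims missing iss or sub")
	}
	return c, nil
}

func main() {
	org := Org{Domain: "example.org", AzureTenantID: "11111111-2222-3333-4444-555555555555"}
	// Constructed payload: a consumer Google account whose email the user
	// pointed at the organisation's domain. No hd claim, because Google only
	// sets it for Workspace accounts.
	c, err := ParseClaims([]byte(`{"iss":"https://accounts.google.com","sub":"1","email":"mallory@example.org","email_verified":true}`))
	if err != nil {
		panic(err)
	}
	ok, err := strictDomainCheck(c, org)
	fmt.Println("weak:", weakDomainCheck(c, org), "strict:", ok, err)
}
```

`email_verified` does not help here: it only says the provider confirmed the user controls that mailbox at some point, not that the organisation owns the account.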
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. | 2024-01-03 | 5.4 | CVE-2023-50344
hihonor — fri-an00_firmware | Some Honor products are affected by a file writing vulnerability; successful exploitation could cause information disclosure. | 2023-12-29 | 5.5 | CVE-2023-23426 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — honorboardapp | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-23434 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — lge-an00_firmware | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 5.5 | CVE-2023-23438 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — lge-an00_firmware | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-23439 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — lge-an00_firmware | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-23440 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51429 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui | Some Honor products are affected by an out of bounds read vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-23441 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51430 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui | Some Honor products are affected by an out of bounds read vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51432 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51433 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui | Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause denial of service. | 2023-12-29 | 5.5 | CVE-2023-6939 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — phoneservice | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 5.5 | CVE-2023-51431 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — vmall | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-23437 | 3836d913-7555-4dd0-a509-f5667fdf5fe4
hitachi_energy — multiple_products | A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempting to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. | 2024-01-04 | 4.5 | CVE-2022-3864
hospital_management_system — hospital_management_system | A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability. | 2023-12-30 | 4.3 | CVE-2023-7173
icewarp — icewarp | A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-05 | 4.3 | CVE-2024-0246
ipaddress — ipaddress | An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. | 2023-12-29 | 5.5 | CVE-2023-50570
jline — jline | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutOfMemory) error. | 2023-12-29 | 5.5 | CVE-2023-50572
kernelsu — kernelsu | KernelSU is a kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic that resolves the APK path in the KernelSU kernel module can be bypassed, which lets any malicious APK named `me.weishu.kernelsu` obtain root permission. If a device with KernelSU installed installs any unchecked APK whose package name equals that of the official KernelSU Manager, that APK can take over root privileges on the device. As of time of publication, a patched version is not available. | 2024-01-02 | 6.7 | CVE-2023-49794
kruise — kruise | Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege on the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available: users that do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | 2024-01-03 | 6.5 | CVE-2023-30617
lenovo — lenovo_browser_mobile | A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | 2024-01-03 | 6.5 | CVE-2023-6540
libredwg — libredwg | Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. | 2024-01-02 | 5.5 | CVE-2023-26157
linux — kernel | A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. | 2024-01-02 | 6.1 | CVE-2023-7192
logobee — logobee | LogoBee 0.2 allows updates.php?id= XSS. | 2023-12-30 | 6.1 | CVE-2023-52257
magic-api — magic-api | A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511. | 2024-01-02 | 6.3 | CVE-2024-0196
mattermost — mattermost | Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. | 2023-12-29 | 6.1 | CVE-2023-7113
mattermost — mattermost | Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | 2024-01-02 | 4.3 | CVE-2023-47858
mattermost — mattermost | Mattermost fails to scope the WebSocket response about notified users to each user separately, resulting in the WebSocket broadcasting information about who was notified about a post to everyone else in the channel. | 2024-01-02 | 4.3 | CVE-2023-48732
mdaemon — securitygateway | MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators. | 2023-12-31 | 4.8 | CVE-2023-52269
mediatek — software_development_kit | In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. | 2024-01-02 | 5.5 | CVE-2023-32831
moxa — oncell_g3150a-lte_series | A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricted frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may allow the attacker to trick the user into interacting with the application. | 2023-12-31 | 5.3 | CVE-2023-6093
moxa — oncell_g3150a-lte_series | A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from a lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. | 2023-12-31 | 5.3 | CVE-2023-6094
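The two Moxa entries above are the classic pair of web-UI hardening gaps: framing is not restricted, and the session travels in cleartext. The Go example below is added here as an illustration of the server-side controls for both; it is not Moxa's code and says nothing about how that firmware is built. `hardenHeaders`, `redirectPlainHTTP` and the in-process request helpers are constructed names, and the one-year HSTS lifetime is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hardenHeaders wraps a handler so every response carries the anti-framing
// and transport headers. X-Frame-Options is the legacy control; CSP
// frame-ancestors is the current one and takes precedence in browsers that
// support both. HSTS is only honoured on HTTPS responses, which is why
// redirectPlainHTTP exists alongside it.
func hardenHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("X-Frame-Options", "DENY")
		h.Set("Content-Security-Policy", "frame-ancestors 'none'")
		h.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

// redirectPlainHTTP sends any cleartext request to the HTTPS origin so that
// credentials and session cookies are never submitted over HTTP. Serve this
// on port 80 and the hardened application on 443.
func redirectPlainHTTP(w http.ResponseWriter, r *http.Request) {
	target := "https://" + r.Host + r.URL.RequestURI()
	http.Redirect(w, r, target, http.StatusMovedPermanently)
}

// FetchHeaders runs one request against the hardened handler in-process
// (no network) and returns the response headers and status for inspection.
func FetchHeaders(path string) (http.Header, int) {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "device admin UI")
	})
	rec := httptest.NewRecorder()
	hardenHeaders(app).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Header(), rec.Code
}

// RedirectLocation shows where a cleartext request for host+path is sent.
func RedirectLocation(host, path string) (string, int) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "http://"+host+path, nil)
	http.HandlerFunc(redirectPlainHTTP).ServeHTTP(rec, req)
	return rec.Header().Get("Location"), rec.Code
}

func main() {
	h, code := FetchHeaders("/login")
	fmt.Println(code, h.Get("X-Frame-Options"), "|", h.Get("Content-Security-Policy"))
	loc, code := RedirectLocation("device.example", "/login?next=/")
	fmt.Println(code, loc)
}
```

Checking a deployed device is the same request from outside: fetch the login page and confirm the three headers are present and that port 80 answers with a redirect rather than the form.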
novel-plus — novel-plus | A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. | 2023-12-29 | 5.4 | CVE-2023-7166
novel-plus — novel-plus | A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. | 2023-12-29 | 4.8 | CVE-2023-7171
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability. | 2024-01-02 | 6.3 | CVE-2024-0192
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504. | 2024-01-02 | 5.3 | CVE-2024-0191
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443. | 2024-01-02 | 4.7 | CVE-2024-0185
ocsinventory — ocsinventory | OCSInventory allows storing email templates containing special characters, which leads to stored cross-site scripting. | 2024-01-04 | 4.9 | CVE-2023-3726
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause DoS by occupying all resources. | 2024-01-02 | 5.5 | CVE-2023-47216
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer. | 2024-01-02 | 5.5 | CVE-2023-47857
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. | 2024-01-02 | 5.5 | CVE-2023-48360
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. | 2024-01-02 | 5.5 | CVE-2023-49135
openxiangshan — xiangshan | An issue was discovered in XiangShan v2.1, which allows local attackers to obtain sensitive information via the L1D cache. | 2023-12-30 | 5.5 | CVE-2023-50559
own_health_record — own_health_record | A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. | 2023-12-30 | 4.3 | CVE-2018-25096
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-41813
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-41814
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-41815
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-44089
poly — multiple_products | A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability. | 2023-12-29 | 6.5 | CVE-2023-4465
poly — multiple_products | A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. | 2023-12-29 | 5.9 | CVE-2023-4462
poly — multiple_products | A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259. | 2023-12-29 | 4.9 | CVE-2023-4466
poly — trio_8800_firmware | A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. | 2023-12-29 | 6.6 | CVE-2023-4467
prestashop — prestashop | PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in the back office (BO), thanks to Twig's escape mechanism. In the front office (FO), the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying them without escaping HTML. Version 8.1.3 contains a patch for this issue. | 2024-01-02 | 5.4 | CVE-2024-21628
qemu — qemu | A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | 2024-01-02 | 4.9 | CVE-2023-6693
qnap_systems_inc. — qcalagent | An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later. | 2024-01-05 | 6.3 | CVE-2023-41289
qnap_systems_inc. — qts/quts_hero | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later. | 2024-01-05 | 6.6 | CVE-2023-39294
qnap_systems_inc. — qumagie | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. | 2024-01-05 | 5.5 | CVE-2023-47559
qnap_systems_inc. — video_station | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later. | 2024-01-05 | 4.3 | CVE-2023-41287
qualcomm,_inc. — snapdragon | Memory corruption when an IPv6 prefix timer object's lifetime expires; the objects are created while the Netmgr daemon gets an IPv6 address. | 2024-01-02 | 6.7 | CVE-2023-28583
qualcomm,_inc. — snapdragon | Memory corruption while receiving a message in Bus Socket Transport Server. | 2024-01-02 | 6.7 | CVE-2023-33038
rust-ethereum — rust-ethereum | Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack instead of `Succeeded`. Yet the substate commitment has already happened. This lets smart contracts commit state changes even though the parent caller contract receives the zero address (which usually indicates that the execution has failed). This issue only impacts library users with a custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available. | 2024-01-02 | 5.9 | CVE-2024-21629
rust-vmm — rust-vmm | vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code. | 2024-01-02 | 5.7 | CVE-2023-50711
samsung_mobile — nearby_device_scanning | Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data. | 2024-01-04 | 4 | CVE-2024-20808
samsung_mobile — nearby_device_scanning | Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data. | 2024-01-04 | 4 | CVE-2024-20809
samsung_mobile — samsung_mobile_devices | Improper authentication vulnerability in the Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish the pairing process without user interaction. | 2024-01-04 | 6.8 | CVE-2024-20803
samsung_mobile — samsung_mobile_devices | Improper access control in the Notification service prior to SMR Jan-2024 Release 1 allows a local attacker to access notification data. | 2024-01-04 | 6.2 | CVE-2024-20806
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows the owner to access other users' notifications in a multi-user environment. | 2024-01-04 | 4.6 | CVE-2024-20802
samsung_mobile — samsung_mobile_devices | Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13, allows attackers to write arbitrary files. | 2024-01-04 | 4 | CVE-2024-20804
sesami — cash_point_&_transport_optimizer | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows local attackers to obtain sensitive information and bypass authentication via a “Back Button Refresh” attack. | 2023-12-29 | 5.5 | CVE-2023-31292
sesami — cash_point_&_transport_optimizer | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows attackers to obtain sensitive information via the User Name field. | 2023-12-29 | 5.3 | CVE-2023-31296
sesami — cash_point_&_transport_optimizer | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | 2023-12-29 | 4.8 | CVE-2023-31298
sesami — cash_point_&_transport_optimizer | Stored Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | 2023-12-29 | 6.1 | CVE-2023-31301
silicon_labs — gecko_sdk | Glitch detection is not enabled by default for the Cortex-M33 core in Silicon Labs Secure Vault High parts EFx32xG2xB, except EFR32xG21B. | 2024-01-03 | 6.8 | CVE-2023-5138
sourcecodester — engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability. | 2023-12-29 | 6.1 | CVE-2023-7160
spider-flow — spider-flow | A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. | 2024-01-02 | 6.3 | CVE-2024-0195
thirtybees — bees_blog | The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. | 2023-12-30 | 6.1 | CVE-2023-52264
tongda — office_anywhere_2017 | A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-30 | 4.3 | CVE-2023-7180
vapor — vapor | Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor’s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI’s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation’s `URL` and `URLComponents` utilities. | 2024-01-03 | 6.5 | CVE-2024-21631
view_component — view_component | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`. | 2024-01-04 | 6.1 | CVE-2024-21636
winter_cms — winter_cms | Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. | 2023-12-29 | 5.4 | CVE-2023-52085
wiremock — wiremock | WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker’s file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized. | 2023-12-29 | 6.1 | CVE-2023-50069
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms through 1.2.8. | 2023-12-29 | 6.1 | CVE-2023-31095
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP Directory Kit. This issue affects WP Directory Kit through 1.1.9. | 2023-12-29 | 6.1 | CVE-2023-31229
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager through 3.3.9. | 2023-12-29 | 6.1 | CVE-2023-31237
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer through 2.0.6. | 2023-12-29 | 6.1 | CVE-2023-32101
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder through 4.0.9.3. | 2023-12-29 | 6.1 | CVE-2023-32517
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme through 5.9.1. | 2023-12-29 | 6.1 | CVE-2023-50892
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder through 8.17.4. | 2023-12-29 | 6.1 | CVE-2023-50893
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor through 2.3.8. | 2023-12-29 | 6.1 | CVE-2023-50901
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes through 4.0.2. | 2023-12-29 | 6.1 | CVE-2023-51373
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor through 3.9.1.1. | 2023-12-29 | 6.5 | CVE-2023-51676
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs – Responsive Tabs Plugin for WordPress through 2.2.0. | 2024-01-05 | 6.5 | CVE-2023-52124
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe through 4.8. | 2024-01-05 | 6.5 | CVE-2023-52125
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress through 9.0.4. | 2024-01-05 | 6.3 | CVE-2023-52129
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure through 1.2.7. | 2024-01-05 | 6.5 | CVE-2023-52178
wordpress — wordpress | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 6.4 | CVE-2023-6524
wordpress — wordpress | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-03 | 6.1 | CVE-2023-6629
wordpress — wordpress | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more. | 2024-01-04 | 6.5 | CVE-2023-6733
wordpress — wordpress | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 6.4 | CVE-2023-6747
wordpress — wordpress | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-06 | 6.4 | CVE-2023-6801
wordpress — wordpress | The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the ‘group_id’ parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-site Scripting. | 2024-01-03 | 6.1 | CVE-2023-6981
wordpress — wordpress | The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 6.4 | CVE-2023-6986
wordpress — wordpress | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-04 | 6.4 | CVE-2023-7044
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit through 3.78784. | 2023-12-29 | 5.4 | CVE-2023-50879
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress through 11.3.1. | 2023-12-29 | 5.4 | CVE-2023-50880
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More through 6.9.15. | 2023-12-29 | 5.4 | CVE-2023-50881
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder through 2.7.2. | 2023-12-29 | 5.4 | CVE-2023-50889
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms through 3.0.1. | 2023-12-29 | 5.4 | CVE-2023-50891
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS. This issue affects Brizy – Page Builder through 2.4.29. | 2023-12-29 | 5.4 | CVE-2023-51396
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search through 1.0.4. | 2023-12-29 | 5.4 | CVE-2023-51397
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget through 1.6.3. | 2023-12-29 | 5.4 | CVE-2023-51399
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form through 1.2.28. | 2023-12-29 | 5.4 | CVE-2023-51517
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker through 3.23.4. | 2023-12-29 | 5.4 | CVE-2023-51541
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu through 7.0.17. | 2024-01-05 | 5.4 | CVE-2023-51673
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more through 8.5.2. | 2024-01-05 | 5.4 | CVE-2023-52120
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images through 1.10.2. | 2024-01-05 | 5.4 | CVE-2023-52121
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email through 1.4.3. | 2024-01-05 | 5.3 | CVE-2023-52126
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution through 2.33.0. | 2024-01-05 | 5.3 | CVE-2023-52146
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.30. | 2024-01-05 | 5.3 | CVE-2023-52148
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button through 6.0. | 2024-01-05 | 5.4 | CVE-2023-52149
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin through 5.1.0.2. | 2024-01-05 | 5.3 | CVE-2023-52151
wordpress — wordpress | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagelayer_header_code’, ‘pagelayer_body_open_code’, and ‘pagelayer_footer_code’ meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7. | 2024-01-04 | 5.4 | CVE-2023-6738
wordpress — wordpress | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above, to change the plugin’s settings including proxy settings, which are also exposed to authors. | 2024-01-06 | 5.4 | CVE-2023-6798
wordpress — wordpress | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-03 | 5.3 | CVE-2023-6984
wordpress — wordpress | The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_settings’ function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update plugin settings. | 2024-01-03 | 5.4 | CVE-2024-0201
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress through 1.6.17. | 2023-12-29 | 4.8 | CVE-2023-50896
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS. This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button through 1.1.8. | 2023-12-29 | 4.8 | CVE-2023-51361
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS. This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget through 1.1.9. | 2023-12-29 | 4.8 | CVE-2023-51371
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar through 1.4.1. | 2023-12-29 | 4.8 | CVE-2023-51372
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS. This issue affects ZeroBounce Email Verification & Validation through 1.0.11. | 2023-12-29 | 4.8 | CVE-2023-51374
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk – Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk through 6.20. | 2024-01-05 | 4.3 | CVE-2023-51535
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin through 6.1.5. | 2024-01-05 | 4.3 | CVE-2023-51538
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions through 1.9.1. | 2024-01-05 | 4.3 | CVE-2023-51539
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress through 1.1.18. | 2024-01-05 | 4.3 | CVE-2023-51668
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More through 6.9.18. | 2023-12-29 | 4.7 | CVE-2023-51675
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search through 2.0.33. | 2024-01-05 | 4.3 | CVE-2023-51678
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building through 3.1.18. | 2024-01-05 | 4.3 | CVE-2023-52119
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board through 2.10.6. | 2024-01-05 | 4.3 | CVE-2023-52122
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials through 3.1.10. | 2024-01-05 | 4.3 | CVE-2023-52123
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce through 7.3.1. | 2024-01-05 | 4.3 | CVE-2023-52127
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard through 2.9.0. | 2024-01-05 | 4.3 | CVE-2023-52128
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.31. | 2024-01-05 | 4.3 | CVE-2023-52130
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget through 2.1.2. | 2024-01-05 | 4.3 | CVE-2023-52136
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts through 1.21. | 2024-01-05 | 4.3 | CVE-2023-52145
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board through 2.0.6. | 2024-01-05 | 4.3 | CVE-2023-52184
wordpress — wordpress | The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the ‘save’ function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. | 2024-01-05 | 4.3 | CVE-2023-6493
wordpress — wordpress | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-04 | 4.4 | CVE-2023-6498
wordpress — wordpress | The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the ‘delete’ action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-03 | 4.3 | CVE-2023-6980
wordpress — wordpress | The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information. | 2024-01-03 | 4.3 | CVE-2023-7068
zte — red_magic_8_pro | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro. | 2024-01-04 | 6.6 | CVE-2023-41784
zte — zxcloud_irai | There is a local privilege escalation vulnerability in ZTE’s ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges. | 2024-01-03 | 6.7 | CVE-2023-41776
zte — zxcloud_irai | There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user’s input, an attacker could exploit this vulnerability to escalate local privileges. | 2024-01-03 | 6.4 | CVE-2023-41780
zte — zxcloud_irai | There is an illegal memory access vulnerability in ZTE’s ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with common user permissions, the physical machine will crash. | 2024-01-03 | 4.4 | CVE-2023-41779
zte — zxcloud_irai | There is a command injection vulnerability in ZTE’s ZXCLOUD iRAI. Because the program fails to adequately validate the user’s input, an attacker could exploit this vulnerability to escalate local privileges. | 2024-01-03 | 4.3 | CVE-2023-41783


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acumos — design_studio | A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420. | 2024-01-02 | 3.5 | CVE-2018-25097
collective_idea, inc. — auditedA race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.2024-01-043.1CVE-2024-22047
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.2024-01-033.7CVE-2023-50345
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.2024-01-033.1CVE-2023-50346
[email protected]
hcl_software — dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.2024-01-033.1CVE-2023-50348
[email protected]
huiran — host_reseller_systemA vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.2024-01-023.7CVE-2024-0186
[email protected]
[email protected]
[email protected]
libssh — libssh | A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. | 2024-01-03 | 3.9 | CVE-2023-6004
mattermost — mattermost | Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | 2024-01-02 | 3.7 | CVE-2023-50333
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability. | 2024-01-02 | 3.1 | CVE-2024-0188
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability. | 2024-01-02 | 3.5 | CVE-2024-0189
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503. | 2024-01-02 | 3.5 | CVE-2024-0190
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability. | 2024-01-01 | 2.4 | CVE-2024-0181
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability. | 2024-01-01 | 2.4 | CVE-2024-0183
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Engineer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability. | 2024-01-02 | 2.4 | CVE-2024-0184
openharmony — openharmony | In OpenHarmony v3.2.2 and prior versions, a local attacker can crash the multimedia audio service by modifying a released pointer. | 2024-01-02 | 3.3 | CVE-2023-49142
packagekit — packagekit | A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. | 2024-01-03 | 3.3 | CVE-2024-0217
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later. | 2024-01-05 | 3.8 | CVE-2023-45039
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later. | 2024-01-05 | 3.8 | CVE-2023-45040
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later. | 2024-01-05 | 3.8 | CVE-2023-45041
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later. | 2024-01-05 | 3.8 | CVE-2023-45042
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later. | 2024-01-05 | 3.8 | CVE-2023-45043
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later. | 2024-01-05 | 3.8 | CVE-2023-45044
qnap_systems_inc. — qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. | 2024-01-05 | 3.5 | CVE-2023-47219
samsung_mobile — samsung_email | Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows an attacker to get sensitive information. | 2024-01-04 | 3.3 | CVE-2024-20807
samsung_mobile — samsung_mobile_devices | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13, allows attackers to write arbitrary files. | 2024-01-04 | 3.3 | CVE-2024-20805
wordpress — wordpress | A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability. | 2024-01-02 | 3.5 | CVE-2015-10128
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection through 8.1.4. | 2023-12-29 | 3.7 | CVE-2023-28786
zimbra — zm-ajax | A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability. | 2024-01-02 | 2.6 | CVE-2017-20188
zte — zxcloud_irai | There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI. An attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | 2024-01-05 | 3.9 | CVE-2023-41782
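The two open-redirect entries in this table (HCL DRYiCE MyXalytics, CVE-2023-50345, and Solid Security for WordPress, CVE-2023-28786) describe the same weakness: a user-supplied redirect target is followed without being checked against the application's own origin. The block below is an added example, not code from either vendor or from this bulletin, showing the check a login or logout handler should apply before redirecting. The function name safeRedirectTarget, the origin https://app.example and the sample inputs are assumptions made for illustration.

```javascript
// Added example: validating a user-supplied "return to" target so that a
// login or logout handler cannot be turned into an open redirect.
// The name safeRedirectTarget, the origin https://app.example and every
// sample input below are hypothetical; none come from the affected products.

// Resolve `target` against the application's own origin and accept it only if
// the result still lives on that origin. Anything else collapses to "/".
function safeRedirectTarget(target, appOrigin) {
  const fallback = "/";
  if (typeof target !== "string" || target.length === 0) return fallback;

  // Backslashes and control characters are rejected before parsing: browsers
  // treat "/\evil.example" like "//evil.example", i.e. a protocol-relative URL.
  if (/[\\\u0000-\u001f]/.test(target)) return fallback;

  let resolved;
  try {
    resolved = new URL(target, appOrigin); // relative paths resolve on-site
  } catch (_) {
    return fallback;                        // unparsable input
  }

  // Scheme and origin must both match; "javascript:" and "data:" URLs have an
  // opaque origin and fail here, as does "https://app.example@evil.example/".
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") return fallback;
  if (resolved.origin !== new URL(appOrigin).origin) return fallback;

  // Emit a path-only form so the Location header never carries a foreign host.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Typical use in a handler (hypothetical framework call):
//   res.redirect(safeRedirectTarget(req.query.return_to, "https://app.example"));
```

Returning a path rather than the resolved absolute URL is deliberate: even if the origin comparison were ever loosened, the response could not name a host the application does not own.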


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abo.cms — abo.cms | SQL Injection vulnerability in ABO.CMS v.5.9.3 allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | 2024-01-06 | not yet calculated | CVE-2023-46953
aoyun_technology — pbootcms | Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control: a session leak allows remote attackers to gain sensitive information and to bypass the login of the backend management platform. | 2024-01-04 | not yet calculated | CVE-2023-50082
apache — inlong | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache InLong. This issue affects Apache InLong from 1.5.0 through 1.9.0 and could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | 2024-01-03 | not yet calculated | CVE-2023-51784
apache — inlong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.7.0 through 1.9.0; attackers can perform an arbitrary file read attack using the MySQL driver. Users are advised to upgrade to Apache InLong 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 | 2024-01-03 | not yet calculated | CVE-2023-51785
apache — openoffice | Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. | 2023-12-29 | not yet calculated | CVE-2023-47804
apiida_ag — api_gateway_manager | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | 2024-01-03 | not yet calculated | CVE-2023-50092
apiida_ag — api_gateway_manager | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | 2024-01-03 | not yet calculated | CVE-2023-50093
autel_robotics — evo_nano | Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). | 2024-01-06 | not yet calculated | CVE-2023-50121
automatic_systems — soc_fl9600_fastline | Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information. | 2024-01-03 | not yet calculated | CVE-2023-37607
automatic_systems — soc_fl9600_fastline | An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials. | 2024-01-03 | not yet calculated | CVE-2023-37608
ava_teaching_video_application — ava_teaching_video_application | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1 allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | 2024-01-06 | not yet calculated | CVE-2023-50609
brave_software,_inc. — brave_browser | Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | 2023-12-30 | not yet calculated | CVE-2023-52263
cesanta_software — mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49549
cesanta_software — mjs | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49552
cesanta_software — mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49553
cetic-6lbr — cetic-6lbr | examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. | 2023-12-31 | not yet calculated | CVE-2021-46901
cherry — cherry | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | not yet calculated | CVE-2024-22086
class.upload.php — class.upload.php | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. | 2024-01-04 | not yet calculated | CVE-2023-6551
cmark-gfm — cmark-gfm | CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. | 2024-01-04 | not yet calculated | CVE-2024-22051
dzzoffice — dzzoffice | SQL Injection vulnerability in Dzzoffice version 2.01 allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 2024-01-06 | not yet calculated | CVE-2023-39853
ehttp — ehttp | ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this. | 2023-12-31 | not yet calculated | CVE-2023-52266
ehttp — ehttp | ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds read during error logging for long strings. | 2023-12-31 | not yet calculated | CVE-2023-52267
encoded_id-rails — encoded_id-rails | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial-of-service condition by sending an HTTP request with an extremely long “id” parameter. | 2024-01-04 | not yet calculated | CVE-2024-0241
firefly-iii — firefly-iii | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | 2024-01-05 | not yet calculated | CVE-2024-22075
fit2cloud — cloud_explorer_lite | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 2024-01-06 | not yet calculated | CVE-2023-50612
floorsight_software_llc — customer_portal_q3_2023 | An Insecure Direct Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 2024-01-02 | not yet calculated | CVE-2023-45893
floorsight_software_llc — insights_q3_2023 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 2024-01-02 | not yet calculated | CVE-2023-45892
flycms — flycms | FlyCms through abbaa5a allows XSS via the permission management feature. | 2024-01-01 | not yet calculated | CVE-2024-21732
fortanix — enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | 2023-12-30 | not yet calculated | CVE-2023-38021
fortanix — enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | 2023-12-30 | not yet calculated | CVE-2023-38022
gila_cms — gila_cms | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26623
gila_cms — gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26624
gila_cms — gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ‘user_id’ parameter after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26625
gl.inet — multiple_products | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-03 | not yet calculated | CVE-2023-50921
gl.inet — multiple_products | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-03 | not yet calculated | CVE-2023-50922
google — chrome | Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0222
google — chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0223
google — chrome | Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0224
google — chrome | Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0225
govuk_tech_docs — govuk_tech_docs | govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user’s browser if a malicious search result is displayed on the search page. | 2024-01-04 | not yet calculated | CVE-2024-22048
gpac — gpac | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | 2024-01-03 | not yet calculated | CVE-2023-46929
httparty — httparty | httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker-controlled filenames being written. | 2024-01-04 | not yet calculated | CVE-2024-22049
idurar-erp-crm — idurar-erp-crm | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | 2023-12-30 | not yet calculated | CVE-2023-52265
ifair — ifair | Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | 2024-01-03 | not yet calculated | CVE-2023-47473
irfanview — irfanview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13878
irfanview — irfanview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13879
irfanview — irfanview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13880
iodine — iodine | Path traversal in the static file service in Iodine before 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. | 2024-01-04 | not yet calculated | CVE-2024-22050
jeecg — jeecg | Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request. | 2024-01-03 | not yet calculated | CVE-2023-49442
jizhicms — jizhicms | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | 2024-01-04 | not yet calculated | CVE-2023-51154
jupyter_notebook_viewer — nbviewer_app | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | 2024-01-05 | not yet calculated | CVE-2023-51277
kantega_software_corp. — kantega_sso | The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) | 2023-12-29 | not yet calculated | CVE-2023-52240
layui — layui | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | 2023-12-30 | not yet calculated | CVE-2023-50550
linux — kernel | Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel on Arm doesn’t use queued RW locks, which are required to trigger the issue (on Arm32 a waiting writer doesn’t block further readers from getting the lock). | 2024-01-05 | not yet calculated | CVE-2023-34324
little-backup-box — little-backup-box | outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. | 2023-12-30 | not yet calculated | CVE-2023-52262
lotos_webserver — lotos_webserver | Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | 2024-01-05 | not yet calculated | CVE-2024-22088
ly_corp. — line_app | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 2024-01-03 | not yet calculated | CVE-2023-45559
ly_corp. — line_app | An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 2024-01-02 | not yet calculated | CVE-2023-45561
mingsoft_mcms — mingsoft_mcms | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | 2023-12-30 | not yet calculated | CVE-2023-50578
newtonsoft.json — newtonsoft.json | Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition. | 2024-01-03 | not yet calculated | CVE-2024-21907
npmjs — npmjs | A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users’ passwords and take over their accounts. | 2024-01-03 | not yet calculated | CVE-2023-39655
o-ran_software_community — o-ran_software_community | An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment that allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. | 2024-01-03 | not yet calculated | CVE-2023-42358
open5gs — open5gs | An issue was discovered in open5gs v2.6.6. An InitialUEMessage Registration request sent at a specific time can crash the AMF due to incorrect error handling of the Nudm_UECM_Registration response. | 2024-01-02 | not yet calculated | CVE-2023-50019
open5gs — open5gs | An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. | 2024-01-02 | not yet calculated | CVE-2023-50020
petero.cbor — petero.cbor | PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial-of-service vulnerability. An attacker may trigger the denial-of-service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition. | 2024-01-03 | not yet calculated | CVE-2024-21909
pico — pico | route in main.c in Pico HTTP Server in C through f3b69a6 has a sprintf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | not yet calculated | CVE-2024-22087
plotly — plotly | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. | 2024-01-03 | not yet calculated | CVE-2023-46308
prestashop — prestashop | SQL Injection vulnerability in the Buy Addons baproductzoommagnifier module for PrestaShop, versions 1.0.16 and earlier, allows remote attackers to escalate privileges and gain sensitive information via the BaproductzoommagnifierZoomModuleFrontController::run() method. | 2024-01-05 | not yet calculated | CVE-2023-50027
pycryptodome/pycryptodomex — pycryptodome/pycryptodomex | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | 2024-01-05 | not yet calculated | CVE-2023-52323
rengine — rengine | reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. | 2024-01-01 | not yet calculated | CVE-2023-50094
royal_tsx — royal_tsx | Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection. | 2023-12-31 | not yet calculated | CVE-2023-52277
s-cms — s-cms | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | 2024-01-04 | not yet calculated | CVE-2023-29962
scone — scone | A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. | 2023-12-30 | not yet calculated | CVE-2022-46486
scone — scone | An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an “AEPIC Leak.” | 2023-12-30 | not yet calculated | CVE-2023-38023
sesami — cash_point_&_transport_optimizer | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information and bypass profile restrictions via improper access control in the Reader system user’s web browser, allowing the journal to be displayed despite the option being disabled. | 2023-12-29 | not yet calculated | CVE-2023-31293
sesami — cash_point_&_transport_optimizer | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the Delivery Name field. | 2023-12-29 | not yet calculated | CVE-2023-31294
sesami — cash_point_&_transport_optimizer | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the User Profile field. | 2023-12-29 | not yet calculated | CVE-2023-31295
sesami — cash_point_&_transport_optimizer | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Barcode field of a container. | 2023-12-29 | not yet calculated | CVE-2023-31299
sesami — cash_point_&_transport_optimizer | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during the Password Reset feature. | 2023-12-29 | not yet calculated | CVE-2023-31300
sesami — cash_point_&_transport_optimizer | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Teller field. | 2023-12-29 | not yet calculated | CVE-2023-31302
spip — spip | ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 2024-01-04 | not yet calculated | CVE-2023-52322
springblade — springblade | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of a permissions control framework. | 2024-01-02 | not yet calculated | CVE-2023-47458
stmicroelectronics_n.v. — stsafe-a1xx | STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application. | 2024-01-01 | not yet calculated | CVE-2023-50096
sympa — sympa | Sympa before 6.2.62 relies on a cookie parameter for certain security objectives but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | 2023-12-31 | not yet calculated | CVE-2021-46900
tecno_mobile — tecno_camon_x_ca7 | Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | 2023-12-31 | not yet calculated | CVE-2023-52275
tenda — ax3 | Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. | 2024-01-04 | not yet calculated | CVE-2023-51812
tenda — i29 | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2 allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. | 2024-01-05 | not yet calculated | CVE-2023-50991
the_genie_company — aladdin_connect | Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android devices. This allows an attacker with access to the Android device to potentially retrieve users’ clear text authentication credentials. | 2024-01-03 | not yet calculated | CVE-2023-5879
the_genie_company — aladdin_connect | When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server’s “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious client-side JavaScript and/or HTML. This allows the attacker to inject malicious client-side JavaScript and/or HTML into the users’ web browser. | 2024-01-03 | not yet calculated | CVE-2023-5880
the_genie_company — aladdin_connect | Unauthenticated access is permitted to The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) “Garage Door Control Module Setup” web interface page, allowing the garage door’s SSID settings to be modified. | 2024-01-03 | not yet calculated | CVE-2023-5881
tinymce — tinymce | TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser. | 2024-01-03 | not yet calculated | CVE-2024-21908
tinymce — tinymce | TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user’s browser. | 2024-01-03 | not yet calculated | CVE-2024-21910
tinymce — tinymce | TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser. | 2024-01-03 | not yet calculated | CVE-2024-21911
tms — tms | Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. | 2024-01-04 | not yet calculated | CVE-2023-50630
ureport2 — ureport2 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request. | 2024-01-03 | not yet calculated | CVE-2023-50090
wasm-micro-runtime — wasm-micro-runtime | Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a “double free or corruption” error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. | 2023-12-31 | not yet calculated | CVE-2023-52284
wordpress — wordpress | The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. | 2024-01-01 | not yet calculated | CVE-2023-5877
wordpress — wordpress | The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. | 2024-01-01 | not yet calculated | CVE-2023-6000
wordpress — wordpress | The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-01 | not yet calculated | CVE-2023-6037
wordpress — wordpress | The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly accessible log files containing sensitive information when transactions occur. | 2024-01-01 | not yet calculated | CVE-2023-6064
wordpress — wordpress | The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later. | 2024-01-01 | not yet calculated | CVE-2023-6113
wordpress — wordpress | The Backup Migration WordPress plugin before 1.3.6 stores in-progress backup information in easy-to-find, publicly accessible files, which may allow attackers monitoring those files to leak sensitive information from the site’s backups. | 2024-01-01 | not yet calculated | CVE-2023-6271
wordpress — wordpress | The Download Manager WordPress plugin before 3.2.83 does not protect file download passwords, leaking them upon receiving an invalid one. | 2024-01-01 | not yet calculated | CVE-2023-6421
wordpress — wordpress | The Html5 Video Player WordPress plugin before 2.5.19 does not sanitize and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, as low as subscribers, to perform Stored Cross-Site Scripting attacks against high privilege users like admins. | 2024-01-01 | not yet calculated | CVE-2023-6485
wordpress — wordpress | The POST SMTP WordPress plugin before 2.8.7 does not sanitize and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-03 | not yet calculated | CVE-2023-6621
xen — xen | Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow and would then result in the cache cleaning/invalidation being skipped. Therefore, there is no guarantee when all the writes will reach the memory. | 2024-01-05 | not yet calculated | CVE-2023-34321
xen — xen | For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly on the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn’t large enough. | 2024-01-05 | not yet calculated | CVE-2023-34322
xen — xen | When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). | 2024-01-05 | not yet calculated | CVE-2023-34323
xen — xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project (“An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.”) CVE-2023-34325 refers specifically to the vulnerabilities in Xen’s copy of libfsimage, which is descended from a very old version of grub. | 2024-01-05 | not yet calculated | CVE-2023-34325
xen — xen | The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions. | 2024-01-05 | not yet calculated | CVE-2023-34326
xen — xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen’s handling of the guest state, leading to denials of service. 1) CVE-2023-34327 – An HVM vCPU can end up operating in the context of a previous vCPU’s debug mask state. 2) CVE-2023-34328 – A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 2024-01-05 | not yet calculated | CVE-2023-34327
xen — xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen’s handling of the guest state, leading to denials of service. 1) CVE-2023-34327 – An HVM vCPU can end up operating in the context of a previous vCPU’s debug mask state. 2) CVE-2023-34328 – A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 2024-01-05 | not yet calculated | CVE-2023-34328
xen — xen | The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page-table levels. However, dom_io being a PV domain gets the AMD-Vi IOMMU page table levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignments, possibly leading to data leaks. | 2024-01-05 | not yet calculated | CVE-2023-46835
xen — xen | The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen. | 2024-01-05 | not yet calculated | CVE-2023-46836
xen — xen | Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow and would then result in the cache cleaning/invalidation being skipped. Therefore, there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient. | 2024-01-05 | not yet calculated | CVE-2023-46837
yasm — yasm | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. | 2024-01-03 | not yet calculated | CVE-2023-49554
yasm — yasm | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | 2024-01-03 | not yet calculated | CVE-2023-49555
yasm — yasm | Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | 2024-01-03 | not yet calculated | CVE-2023-49556
yasm — yasm | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. | 2024-01-03 | not yet calculated | CVE-2023-49557
yasm — yasm | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | 2024-01-03 | not yet calculated | CVE-2023-49558
