C
CISA
Guest
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
allegro_ai -- clearml | Lack of authentication in all versions of the fileserver component of Allegro AI's ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. | 2024-02-06 | 9.8 | CVE-2024-24592 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI's ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks. | 2024-02-06 | 9.6 | CVE-2024-24593 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI's ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI. | 2024-02-06 | 9.9 | CVE-2024-24594 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI's ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user's system when interacted with. | 2024-02-06 | 8 | CVE-2024-24590 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
allegro_ai -- clearml | A path traversal vulnerability in version 1.4.0 or newer of Allegro AI's ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user's system when interacted with. | 2024-02-06 | 8 | CVE-2024-24591 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
ampps -- ampps | A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written. | 2024-02-02 | 7.5 | CVE-2024-1189 [email protected] [email protected] [email protected] |
angular -- angular | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. Note: This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core. | 2024-02-10 | 7.5 | CVE-2024-21490 [email protected] [email protected] |
apache_software_foundation -- pulsar | Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the saslJaasServerRoleTokenSignerSecretPath file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ . | 2024-02-07 | 7.4 | CVE-2023-51437 [email protected] [email protected] |
apache_software_foundation -- sling_servlets_resolver | Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | 2024-02-06 | 8.5 | CVE-2024-23673 [email protected] [email protected] |
apachefriends -- xampp | A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | 2024-02-02 | 9.8 | CVE-2024-0338 [email protected] |
artifex -- mupdf | mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. | 2024-02-05 | 7.5 | CVE-2024-24258 [email protected] |
artifex -- mupdf | mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. | 2024-02-05 | 7.5 | CVE-2024-24259 [email protected] |
automattic_inc -- crowdsignal_dashboard_polls,surveys&_more | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.0.11. | 2024-02-10 | 7.1 | CVE-2023-51488 [email protected] |
b&r_industrial_automation -- automation_runtime | Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules). The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. This issue affects Automation Runtime: from 14.0 before 14.93. | 2024-02-05 | 9.8 | CVE-2024-0323 [email protected] |
b&r_industrial_automation -- automation_studio | Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | 2024-02-02 | 8.8 | CVE-2020-24681 [email protected] |
b&r_industrial_automation -- automation_studio | Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | 2024-02-02 | 7.8 | CVE-2020-24682 [email protected] |
b&r_industrial_automation -- automation_studio | : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 7.5 | CVE-2021-22281 [email protected] |
b&r_industrial_automation -- automation_studio | Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 7.8 | CVE-2021-22282 [email protected] |
biteship -- biteship_plugin_ongkos_kirim_kurir_instant_reguler_kargo | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. | 2024-02-05 | 7.1 | CVE-2024-24866 [email protected] |
blurams -- lumi_security_camera_a31c_firmware | An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 2024-02-02 | 9.8 | CVE-2023-50488 [email protected] [email protected] |
canon_inc -- satera_lbp670c_series | Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6231 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6232 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6233 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6234 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_mf750c_series | Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2024-0244 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6229 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
canon_inc -- satera_lbp670c_series | Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. | 2024-02-06 | 9.8 | CVE-2023-6230 f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd f98c90f0-e9bd-4fa7-911b-51993f3571fd |
chendotjs -- lotos_webserver | Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c. | 2024-02-05 | 7.5 | CVE-2024-24263 [email protected] |
cisco -- cisco_secure_endpoint | A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. | 2024-02-07 | 7.5 | CVE-2024-20290 [email protected] |
cisco -- cisco_telepresence_video_communication_server_(vcs)_expressway | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. | 2024-02-07 | 8.2 | CVE-2024-20255 [email protected] |
cisco -- mutiple_products | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. | 2024-02-07 | 9.6 | CVE-2024-20252 [email protected] |
cisco -- mutiple_products | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. | 2024-02-07 | 9.6 | CVE-2024-20254 [email protected] |
composer -- composer | Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of vendor/composer/InstalledVersions.php and vendor/composer/installed.php do not include untrusted code. A reset can also be done on these files by the following:sh rm vendor/composer/installed.php vendor/composer/InstalledVersions.php composer install --no-scripts --no-plugins | 2024-02-09 | 8.8 | CVE-2024-24821 [email protected] [email protected] |
cpio -- cpio | A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system. | 2024-02-05 | 8.8 | CVE-2023-7216 [email protected] [email protected] |
crafty_controller -- crafty_controller | A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | 2024-02-03 | 7.5 | CVE-2024-1064 [email protected] |
degamisu -- open-irs | open-irs is an issue response robot that reponds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets. | 2024-02-02 | 9.8 | CVE-2024-24757 [email protected] |
dell -- bsafe_crypto-c-micro-edition | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 2024-02-02 | 9.8 | CVE-2020-29504 [email protected] |
dell -- bsafe_micro-edition-suite | Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 2024-02-02 | 9.8 | CVE-2021-21575 [email protected] |
dell -- bsafe_ssl-j | Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-02 | 9.8 | CVE-2022-34381 [email protected] |
dell -- data_protection_search | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. | 2024-02-06 | 8.8 | CVE-2024-22433 [email protected] |
dell -- dell_display_manager | Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation | 2024-02-06 | 7.3 | CVE-2023-32451 [email protected] |
dell -- dell_power_manager_(dpm) | Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. | 2024-02-06 | 7.8 | CVE-2023-25543 [email protected] |
diracgrid -- dirac | DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 9.1 | CVE-2024-24825 [email protected] [email protected] |
emerson -- rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 2024-02-09 | 8.3 | CVE-2023-51761 [email protected] [email protected] |
emerson_rosemount-- mutiple products | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-46687 [email protected] [email protected] |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 8.6 | CVE-2024-23324 [email protected] [email protected] |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23322 [email protected] [email protected] |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn't supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23325 [email protected] [email protected] |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23327 [email protected] [email protected] |
flusity -- flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | 2024-02-05 | 8.8 | CVE-2024-24468 [email protected] |
flusity -- flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | 2024-02-05 | 8.8 | CVE-2024-24469 [email protected] |
flusity -- flusity | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | 2024-02-02 | 8.8 | CVE-2024-24470 [email protected] |
flusity -- flusity | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | 2024-02-02 | 8.8 | CVE-2024-24524 [email protected] |
fortinet -- fortios/fortiproxy | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | 2024-02-09 | 9.8 | CVE-2024-21762 [email protected] |
fortinet -- fortisiem | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | 2024-02-05 | 9.8 | CVE-2024-23108 [email protected] |
fortinet -- fortisiem | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | 2024-02-05 | 9.8 | CVE-2024-23109 [email protected] |
google -- android | In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | 2024-02-05 | 9.8 | CVE-2024-20011 [email protected] |
google -- android | In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150. | 2024-02-05 | 8.8 | CVE-2024-20009 [email protected] |
google -- android | In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | 2024-02-05 | 7.5 | CVE-2024-20007 [email protected] |
google -- android | In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419. | 2024-02-05 | 7.8 | CVE-2024-20015 [email protected] |
gpac -- gpac | gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function. | 2024-02-05 | 7.5 | CVE-2024-24265 [email protected] |
gpac -- gpac | gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. | 2024-02-05 | 7.5 | CVE-2024-24266 [email protected] |
gpac -- gpac | gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. | 2024-02-05 | 7.5 | CVE-2024-24267 [email protected] |
graphviz -- graphviz | Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | 2024-02-02 | 7.8 | CVE-2023-46045 [email protected] [email protected] [email protected] |
graylog2 -- graylog2_server | Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of java.io.File , the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue. | 2024-02-07 | 8.8 | CVE-2024-24824 [email protected] [email protected] [email protected] [email protected] |
gttb -- gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value. | 2024-02-02 | 9.8 | CVE-2024-22108 [email protected] [email protected] |
gttb -- gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform. | 2024-02-02 | 7.2 | CVE-2024-22107 [email protected] [email protected] |
hashicorp -- boundary | Boundary and Boundary Enterprise ("Boundary") is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. | 2024-02-05 | 8 | CVE-2024-1052 [email protected] |
hashicorp -- nomad | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. | 2024-02-08 | 7.7 | CVE-2024-1329 [email protected] |
ibm -- cloud_pak_system | IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | 2024-02-02 | 7.5 | CVE-2023-38273 [email protected] [email protected] |
ibm -- engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | 2024-02-09 | 7.5 | CVE-2023-45191 [email protected] [email protected] |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | 2024-02-02 | 9.8 | CVE-2023-32333 [email protected] [email protected] |
ibm -- operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | 2024-02-02 | 9.8 | CVE-2024-22319 [email protected] [email protected] |
ibm -- operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. | 2024-02-02 | 8.8 | CVE-2024-22320 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130. | 2024-02-02 | 9.8 | CVE-2023-50940 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | 2024-02-02 | 8.8 | CVE-2023-50936 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | 2024-02-02 | 7.5 | CVE-2023-50326 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | 2024-02-02 | 7.5 | CVE-2023-50937 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | 2024-02-02 | 7.5 | CVE-2023-50939 [email protected] [email protected] |
ibm -- security_access_manager_container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | 2024-02-07 | 7.5 | CVE-2023-38369 [email protected] [email protected] |
ibm -- security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | 2024-02-07 | 9.8 | CVE-2023-32328 [email protected] [email protected] |
ibm -- security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | 2024-02-07 | 9.8 | CVE-2023-32330 [email protected] [email protected] |
ibm -- security_verify_access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | 2024-02-07 | 7.2 | CVE-2023-43017 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. | 2024-02-03 | 9 | CVE-2023-31004 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. | 2024-02-03 | 7.5 | CVE-2023-30999 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | 2024-02-03 | 7.8 | CVE-2023-31005 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776. | 2024-02-03 | 7.5 | CVE-2023-31006 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. | 2024-02-03 | 7.1 | CVE-2023-32327 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | 2024-02-03 | 7.3 | CVE-2023-43016 [email protected] [email protected] |
ibm -- soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. | 2024-02-02 | 8.8 | CVE-2023-38263 [email protected] [email protected] |
ibm -- spectrum_protect_plus | IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | 2024-02-02 | 7.5 | CVE-2023-47148 [email protected] [email protected] |
ibm -- storage_defender_ -- resiliency_service | IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | 2024-02-10 | 8 | CVE-2023-50957 [email protected] [email protected] |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270. | 2024-02-02 | 9.8 | CVE-2023-47143 [email protected] [email protected] |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | 2024-02-02 | 8.8 | CVE-2023-47142 [email protected] [email protected] |
icinga -- icingaweb2_module_director | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | 2024-02-09 | 8.3 | CVE-2024-24820 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
ireader -- media-server | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c. | 2024-02-05 | 7.5 | CVE-2024-24260 [email protected] |
ireader -- media-server | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | 2024-02-05 | 7.5 | CVE-2024-24262 [email protected] |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | 2024-02-06 | 9.8 | CVE-2024-23917 [email protected] |
jfinalcms_project -- jfinalcms | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | 2024-02-02 | 9.8 | CVE-2024-24029 [email protected] |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism. | 2024-02-07 | 9.8 | CVE-2024-24001 [email protected] [email protected] |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in safeSqlParse method for sql injection. | 2024-02-07 | 9.8 | CVE-2024-24002 [email protected] [email protected] |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in safeSqlParse method for sql injection. | 2024-02-08 | 9.8 | CVE-2024-24003 [email protected] [email protected] |
jishenghua -- jsherp | jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in safeSqlParse method for sql injection. | 2024-02-07 | 9.8 | CVE-2024-24004 [email protected] [email protected] |
jsish -- jsish | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | 2024-02-07 | 9.8 | CVE-2024-24186 [email protected] |
jsish -- jsish | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | 2024-02-07 | 9.8 | CVE-2024-24188 [email protected] |
jsish -- jsish | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | 2024-02-07 | 9.8 | CVE-2024-24189 [email protected] |
kddi -- home_spot_cube_2_firmware | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. | 2024-02-02 | 9.8 | CVE-2024-23978 [email protected] [email protected] |
kddi -- home_spot_cube_2_firmware | Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | 2024-02-02 | 7.5 | CVE-2024-21780 [email protected] [email protected] |
kihron -- serverrpexposer | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | 2024-02-02 | 9.8 | CVE-2024-22779 [email protected] [email protected] [email protected] |
ledgersmb -- ledgersmb | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | 2024-02-02 | 7.5 | CVE-2024-23831 [email protected] [email protected] |
libexpat_project -- libexpat | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 2024-02-04 | 7.5 | CVE-2023-52425 [email protected] |
libgit2 -- libgit2 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the has_dir_name function in src/libgit2/index.c , which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. | 2024-02-06 | 8.6 | CVE-2024-24577 [email protected] [email protected] [email protected] |
libgit2 -- libgit2 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in src/libgit2/revparse.c uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2. | 2024-02-06 | 7.5 | CVE-2024-24575 [email protected] [email protected] [email protected] [email protected] |
libuv -- libuv | libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its windows counterpart src/win/getaddrinfo.c ), truncates hostnames to 256 characters before calling getaddrinfo . This behavior can be exploited to create addresses like 0x00007f000001 , which are considered valid by getaddrinfo and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the hostname_ascii variable (with a length of 256 bytes) is handled in uv_getaddrinfo and subsequently in uv__idna_toascii . When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have username.example.com pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-07 | 7.3 | CVE-2024-24806 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
liferay -- portal/dxp | Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application. | 2024-02-07 | 9.6 | CVE-2024-25145 [email protected] |
liveconfig -- liveconfig | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | 2024-02-02 | 7.5 | CVE-2024-22851 [email protected] |
magic_hills_pty_ltd -- wonder_slider_lite | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9. | 2024-02-08 | 7.1 | CVE-2024-24877 [email protected] |
mailcow -- mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not br-mailcow and the output interface is br-mailcow . | 2024-02-02 | 7.3 | CVE-2024-24760 [email protected] [email protected] |
mate_desktop -- engrampa | Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | 2024-02-05 | 8.2 | CVE-2023-52138 [email protected] [email protected] |
mediatek -- nr15 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). | 2024-02-05 | 7.5 | CVE-2024-20003 [email protected] |
mediatek -- nr15 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). | 2024-02-05 | 7.5 | CVE-2024-20004 [email protected] |
meshcentral -- meshcentral | Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 2024-02-02 | 7.5 | CVE-2023-51838 [email protected] [email protected] [email protected] |
mia_technology_inc. -- mia-med | Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6517 [email protected] |
mia_technology_inc. -- mia-med | Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6518 [email protected] |
mia_technology_inc. -- mia-med | Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 7.5 | CVE-2023-6519 [email protected] |
mia_technology_inc -- mia-med | Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | 2024-02-08 | 8.8 | CVE-2023-6515 [email protected] |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-02-02 | 8.3 | CVE-2024-21399 [email protected] |
miro -- miro | Miro Desktop 0.8.18 on macOS allows Electron code injection. | 2024-02-02 | 9.8 | CVE-2024-23746 [email protected] [email protected] [email protected] |
mrcms -- mrcms | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | 2024-02-02 | 7.5 | CVE-2024-24161 [email protected] |
nationalkeep -- cybermath | Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 9.8 | CVE-2023-6675 [email protected] |
nationalkeep -- cybermath | Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 8.8 | CVE-2023-6676 [email protected] |
oduyo --financial_technology_online_collection | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 2024-02-09 | 9.8 | CVE-2023-6677 [email protected] |
open_formulieren -- open_forms | Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at /admin/login/ ) does not fully log in the user until the second factor was succesfully provided; the additional non-MFA protected login page at /api/v2/api-authlogin/ was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (/api/v2/api-auth/login/ ) with settings.DEBUG = True . settings.DEBUG = True is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking. | 2024-02-07 | 7.7 | CVE-2024-24771 [email protected] [email protected] [email protected] [email protected] [email protected] |
openharmony -- openharmony | in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write. | 2024-02-02 | 8.8 | CVE-2023-45734 [email protected] |
openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. | 2024-02-02 | 8.8 | CVE-2024-21860 [email protected] |
openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. | 2024-02-02 | 7.8 | CVE-2024-21845 [email protected] |
openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. | 2024-02-02 | 7.8 | CVE-2024-21851 [email protected] |
openobserve -- openobserve | OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-08 | 9.9 | CVE-2024-24830 [email protected] |
openobserve -- openobserve | OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the remove_user_from_org function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including "Admins" and "Root" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by "Admins" or "Root" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. | 2024-02-08 | 9.1 | CVE-2024-25106 [email protected] |
panterasoft -- hdd_health | Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-1201 [email protected] |
ping_identity -- pingfederate | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. | 2024-02-06 | 8.8 | CVE-2023-40545 [email protected] [email protected] [email protected] |
postgresql -- postgresql | Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability. | 2024-02-08 | 8 | CVE-2024-0985 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 |
pt_woo_plugins_(by_webdados) -- portugal_ctt_tracking_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1. | 2024-02-08 | 7.1 | CVE-2024-24878 [email protected] |
qibosoft -- qibocms_x1 | A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-05 | 7.3 | CVE-2024-1225 [email protected] [email protected] [email protected] |
qnap -- photo_station | An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | 2024-02-02 | 8.8 | CVE-2023-47562 [email protected] |
qnap -- qsync_central | An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later | 2024-02-02 | 8.1 | CVE-2023-47564 [email protected] |
qnap -- qts | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 9.8 | CVE-2023-39303 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 9.8 | CVE-2023-45025 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 8.8 | CVE-2023-39297 [email protected] |
qnap -- qts | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 8.8 | CVE-2023-47568 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-39302 [email protected] |
qnap -- qts | A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41273 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41275 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41276 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41277 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41278 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41279 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41280 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41281 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41282 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41283 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-41292 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-45035 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-45036 [email protected] |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-45037 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-47566 [email protected] |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 7.2 | CVE-2023-47567 [email protected] |
qolsys_inc -- iq_panel_4 | Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 2024-02-08 | 7.3 | CVE-2024-0242 [email protected] [email protected] |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. | 2024-02-06 | 7.5 | CVE-2023-33049 [email protected] |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in Multi-Mode Call Processor while processing UE policy container. | 2024-02-06 | 7.5 | CVE-2023-33057 [email protected] |
qualcomm -- 315_5g_iot_modem_firmware | Memory corruption in Core while processing control functions. | 2024-02-06 | 7.8 | CVE-2023-33072 [email protected] |
qualcomm -- 315_5g_iot_modem_firmware | Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. | 2024-02-06 | 7.8 | CVE-2023-43513 [email protected] |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | 2024-02-06 | 7.5 | CVE-2023-43533 [email protected] |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS while parse fils IE with length equal to 1. | 2024-02-06 | 7.5 | CVE-2023-43536 [email protected] |
qualcomm -- 9206_lte_modem_firmware | Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. | 2024-02-06 | 7.8 | CVE-2023-33067 [email protected] |
qualcomm -- 9206_lte_modem_firmware | Memory corruption in Audio while processing IIR config data from AFE calibration block. | 2024-02-06 | 7.8 | CVE-2023-33068 [email protected] |
qualcomm -- 9206_lte_modem_firmware | Memory corruption in Audio while processing the calibration data returned from ACDB loader. | 2024-02-06 | 7.8 | CVE-2023-33069 [email protected] |
qualcomm -- aqt1000_firmware | Memory corruption in video while parsing invalid mp2 clip. | 2024-02-06 | 9.8 | CVE-2023-43518 [email protected] |
qualcomm -- aqt1000_firmware | Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | 2024-02-06 | 9.8 | CVE-2023-43519 [email protected] |
qualcomm -- aqt1000_firmware | Information disclosure in Audio while accessing AVCS services from ADSP payload. | 2024-02-06 | 7.1 | CVE-2023-33065 [email protected] |
qualcomm -- aqt1000_firmware | Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | 2024-02-06 | 7.8 | CVE-2023-33076 [email protected] |
qualcomm -- aqt1000_firmware | Memory corruption in HLOS while converting from authorization token to HIDL vector. | 2024-02-06 | 7.8 | CVE-2023-33077 [email protected] |
qualcomm -- aqt1000_firmware | Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | 2024-02-06 | 7.5 | CVE-2023-43522 [email protected] |
qualcomm -- ar8035_firmware | Information disclosure in Modem while processing SIB5. | 2024-02-06 | 9.1 | CVE-2023-33058 [email protected] |
qualcomm -- ar8035_firmware | Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE. | 2024-02-06 | 9.8 | CVE-2023-43520 [email protected] |
qualcomm -- ar8035_firmware | Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. | 2024-02-06 | 9.8 | CVE-2023-43534 [email protected] |
qualcomm -- ar8035_firmware | Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | 2024-02-06 | 7 | CVE-2023-33046 [email protected] |
qualcomm -- ar8035_firmware | Transient DOS while processing 11AZ RTT management action frame received through OTA. | 2024-02-06 | 7.5 | CVE-2023-43523 [email protected] |
qualcomm -- fastconnect_6700_firmware | Memory corruption while reading ACPI config through the user mode app. | 2024-02-06 | 7.8 | CVE-2023-43532 [email protected] |
qualcomm -- fastconnect_6700_firmware | Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger. | 2024-02-06 | 7.8 | CVE-2023-43535 [email protected] |
qualcomm -- fastconnect_6900_firmware | Memory corruption when malformed message payload is received from firmware. | 2024-02-06 | 7.8 | CVE-2023-43516 [email protected] |
qualcomm -- qam8255p_firmware | Memory corruption in Automotive Multimedia due to improper access control in HAB. | 2024-02-06 | 7.8 | CVE-2023-43517 [email protected] |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | 2024-02-02 | 9.8 | CVE-2024-21764 [email protected] [email protected] |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-22016 [email protected] [email protected] |
remyandrade -- testimonial_page_manager | A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695. | 2024-02-02 | 9.8 | CVE-2024-1197 [email protected] [email protected] |
samsung -- magician_pc_software | Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | 2024-02-07 | 7.3 | CVE-2024-23769 [email protected] |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | 2024-02-06 | 8.4 | CVE-2024-20812 [email protected] |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | 2024-02-06 | 8.4 | CVE-2024-20813 [email protected] |
samsung_mobile -- samsung_mobile_devices | Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness. | 2024-02-06 | 8 | CVE-2024-20815 [email protected] |
samsung_mobile -- samsung_mobile_devices | Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness. | 2024-02-06 | 8 | CVE-2024-20816 [email protected] |
silabs -- gecko_software_development_kit | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | 2024-02-02 | 7.5 | CVE-2023-6387 [email protected] [email protected] |
silabs -- gecko_software_development_kit | Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | 2024-02-05 | 7.5 | CVE-2023-6874 [email protected] [email protected] |
snow_software -- inventory_agent | Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | 2024-02-08 | 7.8 | CVE-2024-1149 [email protected] |
snow_software -- inventory_agent | Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1. | 2024-02-08 | 7.8 | CVE-2024-1150 [email protected] |
software_engineering_consultancy_machine_equipment_limited_company -- hearing_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | 2024-02-09 | 8.8 | CVE-2023-6724 [email protected] |
softwarefx -- chart_fx | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | 2024-02-02 | 7.5 | CVE-2023-39611 [email protected] |
solarwinds -- solarwinds_platform | SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | 2024-02-06 | 8 | CVE-2023-50395 [email protected] [email protected] |
solarwinds -- solarwinds_platform | SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | 2024-02-06 | 8 | CVE-2023-35188 [email protected] [email protected] |
tiangolo -- fastapi | FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. It's a ReDoS(Regular expression Denial of Service), it only applies to those reading form data, using python-multipart . This vulnerability has been patched in version 0.109.1. | 2024-02-05 | 7.5 | CVE-2024-24762 [email protected] [email protected] [email protected] |
tp-link -- er7206_firmware | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | 2024-02-06 | 7.2 | CVE-2023-36498 [email protected] |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-42664 [email protected] |
tp-link -- er7206_firmware | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-43482 [email protected] |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-46683 [email protected] |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47167 [email protected] |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47209 [email protected] |
tp-link -- er7206_firmware | A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47617 [email protected] |
tp-link -- er7206_firmware | A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-02-06 | 7.2 | CVE-2023-47618 [email protected] |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 2024-02-02 | 9.8 | CVE-2024-22901 [email protected] [email protected] [email protected] |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 2024-02-02 | 9.8 | CVE-2024-22902 [email protected] [email protected] [email protected] [email protected] |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | 2024-02-02 | 8.8 | CVE-2024-22899 [email protected] [email protected] [email protected] |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | 2024-02-02 | 8.8 | CVE-2024-22900 [email protected] [email protected] [email protected] |
vinchin -- vinchin_backup_and_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | 2024-02-02 | 8.8 | CVE-2024-22903 [email protected] [email protected] [email protected] |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | 2024-02-06 | 7.8 | CVE-2024-22237 [email protected] |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | 2024-02-06 | 7.8 | CVE-2024-22239 [email protected] |
vyper -- vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including 0.3.10 . For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form assert index < x , the developer will suppose that no elements on indexes y | y >= x are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check. | 2024-02-07 | 9.8 | CVE-2024-24563 [email protected] [email protected] [email protected] |
westermo -- lynx | The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. | 2024-02-06 | 8 | CVE-2023-38579 [email protected] |
westermo -- lynx | A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | 2024-02-06 | 8 | CVE-2023-45735 [email protected] |
wixtoolset -- issues | WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4. | 2024-02-07 | 8.2 | CVE-2024-24810 [email protected] |
wordpress -- wordpress | The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorization and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache. | 2024-02-05 | 9.8 | CVE-2021-4436 [email protected] |
wordpress -- wordpress | The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-02-05 | 9.8 | CVE-2023-6933 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | 2024-02-05 | 9.8 | CVE-2023-6989 [email protected] [email protected] |
wordpress -- wordpress | The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default, this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors. | 2024-02-05 | 9.1 | CVE-2024-0221 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export. | 2024-02-02 | 9.8 | CVE-2024-0685 [email protected] [email protected] |
wordpress -- wordpress | The Cryptocurrency Widgets - Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-05 | 9.8 | CVE-2024-0709 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-08 | 9.8 | CVE-2024-1207 [email protected] [email protected] |
wordpress -- wordpress | The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. | 2024-02-05 | 8.8 | CVE-2023-6700 [email protected] [email protected] |
wordpress -- wordpress | The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. | 2024-02-05 | 8.8 | CVE-2023-6846 [email protected] [email protected] |
wordpress -- wordpress | The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code. | 2024-02-05 | 8.8 | CVE-2023-6996 [email protected] [email protected] |
wordpress -- wordpress | The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | 2024-02-05 | 8.2 | CVE-2024-0324 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-10 | 8.8 | CVE-2024-0594 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access. | 2024-02-05 | 8.1 | CVE-2024-0761 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Instant Images - One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. | 2024-02-05 | 8.8 | CVE-2024-0869 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23. | 2024-02-05 | 8.2 | CVE-2024-1072 [email protected] [email protected] |
wordpress -- wordpress | The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-07 | 8.8 | CVE-2024-1118 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-02-05 | 7.2 | CVE-2023-6635 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-02-05 | 7.2 | CVE-2023-6925 [email protected] [email protected] |
wordpress -- wordpress | The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 7.1 | CVE-2024-0428 [email protected] [email protected] |
wordpress -- wordpress | The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | 2024-02-09 | 7.5 | CVE-2024-0842 [email protected] [email protected] |
wordpress -- wordpress | The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-02-02 | 7.2 | CVE-2024-0844 [email protected] [email protected] |
wordpress -- wordpress | The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content. | 2024-02-03 | 7.5 | CVE-2024-0909 [email protected] [email protected] [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2. | 2024-02-08 | 7.1 | CVE-2024-24881 [email protected] |
xiandafu -- beetl | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | 2024-02-02 | 9.8 | CVE-2024-22533 [email protected] |
xorg -- xorg-server | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | 2024-02-09 | 7.8 | CVE-2024-0229 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list | 2024-02-06 | 9.8 | CVE-2024-24013 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list | 2024-02-08 | 9.8 | CVE-2024-24014 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit | 2024-02-06 | 9.8 | CVE-2024-24015 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list | 2024-02-08 | 9.8 | CVE-2024-24017 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list | 2024-02-08 | 9.8 | CVE-2024-24018 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list | 2024-02-07 | 9.8 | CVE-2024-24019 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list. | 2024-02-08 | 9.8 | CVE-2024-24021 [email protected] [email protected] |
xxyopen -- novel-plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list. | 2024-02-08 | 9.8 | CVE-2024-24023 [email protected] [email protected] |
xxyopen -- novel-plus | An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24024 [email protected] [email protected] |
xxyopen -- novel-plus | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24025 [email protected] [email protected] |
xxyopen -- novel-plus | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | 2024-02-08 | 9.8 | CVE-2024-24026 [email protected] [email protected] |
yannick_lefebvre -- link_library | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13. | 2024-02-08 | 7.1 | CVE-2024-24879 [email protected] |
yarn -- yarn | An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways. | 2024-02-04 | 7.7 | CVE-2021-4435 [email protected] [email protected] [email protected] [email protected] |
zohocorp -- manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | 2024-02-02 | 9.8 | CVE-2023-48792 [email protected] [email protected] |
zohocorp -- manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 2024-02-02 | 9.8 | CVE-2023-48793 [email protected] [email protected] |
zohocorp -- manageengine_adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | 2024-02-02 | 8.8 | CVE-2024-0253 0fc0942c-577d-436f-ae8e-945763c79b02 |
zohocorp -- manageengine_adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | 2024-02-02 | 8.8 | CVE-2024-0269 0fc0942c-577d-436f-ae8e-945763c79b02 |
zopefoundation -- products_sqlalchemyda | SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem. | 2024-02-07 | 9.8 | CVE-2024-24811 [email protected] [email protected] |
Back to top
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1panel-dev -- 1panel | 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. | 2024-02-05 | 6.5 | CVE-2024-24768 [email protected] [email protected] [email protected] |
acowebs -- product_labels_for_woocommerce_(sale_badges) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3. | 2024-02-08 | 5.9 | CVE-2024-24886 [email protected] |
allegro_ai -- clearml | Allegro AI's open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | 2024-02-05 | 6 | CVE-2024-24595 6f8de1f0-f67e-45a6-b68f-98777fdb759c |
ansible -- ansible | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. | 2024-02-06 | 5 | CVE-2024-0690 [email protected] [email protected] [email protected] [email protected] |
antisamy_project -- antisamy | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later. | 2024-02-02 | 6.1 | CVE-2024-23635 [email protected] |
apache_software_foundation -- ozone | Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | 2024-02-07 | 5.3 | CVE-2023-39196 [email protected] [email protected] |
apollo13themes -- apollo13_framework_extensions | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2. | 2024-02-08 | 6.5 | CVE-2024-24880 [email protected] |
audrasjb -- gdpr_data_request_form | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6. | 2024-02-08 | 6.5 | CVE-2024-24836 [email protected] |
axis_communications_ab -- axis_os | Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-02-05 | 6.3 | CVE-2023-5677 [email protected] |
axis_communications_ab -- axis_os | Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-02-05 | 5.4 | CVE-2023-5800 [email protected] |
beijing_baichuo -- smart_s20_management_platform | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 4.7 | CVE-2024-1254 [email protected] [email protected] [email protected] |
beijing_baichuo -- smart_s40_management_platform | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 4.7 | CVE-2024-1253 [email protected] [email protected] [email protected] |
blockmason -- credit-protocol | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-02-04 | 4.3 | CVE-2018-25098 [email protected] [email protected] [email protected] [email protected] |
blurams -- lumi_security_camera_a31c_firmware | An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | 2024-02-02 | 6.8 | CVE-2023-51820 [email protected] [email protected] |
br-automation -- automation_runtime | A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user's browser session. | 2024-02-05 | 6.1 | CVE-2023-6028 [email protected] |
ckeditor -- ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to script and style elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts. | 2024-02-07 | 6.1 | CVE-2024-24815 [email protected] [email protected] [email protected] [email protected] [email protected] |
ckeditor -- ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts. | 2024-02-07 | 6.1 | CVE-2024-24816 [email protected] [email protected] [email protected] |
clicktotweet.com -- click_to_tweet | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-02-10 | 6.5 | CVE-2024-23514 [email protected] |
codeastro -- employee_task_management_system | A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. | 2024-02-03 | 5.4 | CVE-2024-1199 [email protected] [email protected] [email protected] |
codeastro -- restaurant_pos_system | A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011. | 2024-02-07 | 6.3 | CVE-2024-1268 [email protected] [email protected] [email protected] |
creative_themes -- blocksy | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19. | 2024-02-08 | 6.5 | CVE-2024-24871 [email protected] |
cryptlib -- cryptlib | A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate. | 2024-02-05 | 5.9 | CVE-2024-0202 [email protected] |
cups_easy -- cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-02-02 | 6.1 | CVE-2024-23895 [email protected] |
dan_dulaney -- dan's_embedder_for_google_calendar | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS. This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2. | 2024-02-05 | 6.5 | CVE-2023-51504 [email protected] |
dell -- appsync | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | 2024-02-08 | 6.2 | CVE-2024-22464 [email protected] |
dell -- cpg_bios | Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | 2024-02-06 | 6.7 | CVE-2023-28063 [email protected] |
dell -- dell_bsafe_ssl-j | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 2024-02-10 | 4.4 | CVE-2023-28077 [email protected] |
dell -- dell_command_monitor | Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | 2024-02-06 | 4.7 | CVE-2023-28049 [email protected] |
dell -- dell_display_manager | Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion | 2024-02-06 | 6.6 | CVE-2023-32474 [email protected] |
dell -- dell_encryption | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | 2024-02-06 | 6.7 | CVE-2023-32479 [email protected] |
dell -- dup_framework | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 2024-02-06 | 6.3 | CVE-2023-32454 [email protected] |
dev.dans-art -- add_customer_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS.This issue affects Add Customer for WooCommerce: from n/a through 1.7. | 2024-02-05 | 4.8 | CVE-2024-24841 [email protected] |
elastic -- apm_server | An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. | 2024-02-07 | 5.7 | CVE-2024-23448 [email protected] [email protected] |
elastic -- elastic_network_drive_connector | An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user. | 2024-02-07 | 5.3 | CVE-2024-23447 [email protected] [email protected] |
elastic -- kibana | An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index. | 2024-02-07 | 6.5 | CVE-2024-23446 [email protected] [email protected] |
emerson -- rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 2024-02-09 | 6.9 | CVE-2023-43609 [email protected] [email protected] |
emerson -- rosemount_gc370xa | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 2024-02-09 | 6.9 | CVE-2023-49716 [email protected] [email protected] |
enalean -- tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition. | 2024-02-06 | 5.3 | CVE-2024-23344 [email protected] [email protected] [email protected] [email protected] |
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 4.3 | CVE-2024-23323 [email protected] [email protected] |
fivestarplugins -- five_star_restaurant_menu | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5. | 2024-02-05 | 5.4 | CVE-2024-24838 [email protected] |
forum_one -- wp-cfm | Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8. | 2024-02-07 | 5.4 | CVE-2024-24706 [email protected] [email protected] |
frappe -- frappe | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available. | 2024-02-07 | 5.4 | CVE-2024-24812 [email protected] [email protected] [email protected] |
galleon -- eap_eap-xp_servers | An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. | 2024-02-06 | 6.8 | CVE-2023-4503 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
getsentry -- sentry | Sentry is an error tracking and performance monitoring platform. Sentry's integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 4.3 | CVE-2024-24829 [email protected] [email protected] [email protected] |
gitlab -- gitlab | An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches. | 2024-02-08 | 6.5 | CVE-2023-6564 [email protected] |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file. | 2024-02-07 | 6.5 | CVE-2023-6736 [email protected] [email protected] |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. | 2024-02-07 | 6.7 | CVE-2023-6840 [email protected] [email protected] |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL vulnerabilitiesCountByDay | 2024-02-07 | 6.5 | CVE-2024-1066 [email protected] |
globalscape -- cuteftp | A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1190 [email protected] [email protected] [email protected] |
gnu -- coreutils | A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. | 2024-02-06 | 5.5 | CVE-2024-0684 [email protected] [email protected] [email protected] |
google -- android | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. | 2024-02-05 | 6.7 | CVE-2024-20001 [email protected] |
google -- android | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | 2024-02-05 | 6.7 | CVE-2024-20002 [email protected] |
google -- android | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560. | 2024-02-05 | 6.7 | CVE-2024-20010 [email protected] |
google -- android | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | 2024-02-05 | 6.7 | CVE-2024-20012 [email protected] |
google -- android | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | 2024-02-05 | 6.7 | CVE-2024-20013 [email protected] |
google -- android | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901. | 2024-02-05 | 4.4 | CVE-2024-20016 [email protected] |
graylog -- graylog | Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the authentication cookie for the Graylog server URL for the /api/system/sessions endpoint, as that is the only one vulnerable. | 2024-02-07 | 5.7 | CVE-2024-24823 [email protected] [email protected] [email protected] |
hcl -- bigfix | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | 2024-02-03 | 6.5 | CVE-2023-37528 [email protected] |
hcl-- devops_deploy | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | 2024-02-03 | 6.2 | CVE-2024-23550 [email protected] |
hcl_software -- hcl_sametime | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | 2024-02-09 | 5.9 | CVE-2023-50349 [email protected] |
hcl_software -- hcl_sametime | Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | 2024-02-10 | 4 | CVE-2023-45696 [email protected] |
hcl_software -- hcl_sametime | Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | 2024-02-10 | 4.8 | CVE-2023-45698 [email protected] |
hcltech -- bigfix_platform | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | 2024-02-02 | 6.1 | CVE-2023-37527 [email protected] |
hcltech -- bigfix_platform | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | 2024-02-02 | 5.4 | CVE-2024-23553 [email protected] |
hid_global -- hid_iclass_se_reader_configuration_cards | Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. | 2024-02-07 | 5.3 | CVE-2024-23806 [email protected] [email protected] |
hid_global -- iclass_se_cp1000_encoder | Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | 2024-02-06 | 5.9 | CVE-2024-22388 [email protected] [email protected] |
howard_ehrenberg -- custom_post_carousels_with_owl | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. | 2024-02-10 | 6.5 | CVE-2023-51493 [email protected] |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | 2024-02-02 | 5.4 | CVE-2022-40744 [email protected] [email protected] |
ibm -- business_automation_workflow | IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. | 2024-02-04 | 5.4 | CVE-2023-50947 [email protected] [email protected] [email protected] |
ibm -- engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | 2024-02-09 | 6.3 | CVE-2023-45187 [email protected] [email protected] |
ibm -- engineering_lifecycle_optimization_publishing | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | 2024-02-09 | 5.1 | CVE-2023-45190 [email protected] [email protected] |
ibm -- i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. | 2024-02-09 | 5.1 | CVE-2024-22318 [email protected] [email protected] [email protected] |
ibm -- integration_bus_for_z/os | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | 2024-02-09 | 6.5 | CVE-2024-22332 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | 2024-02-02 | 6.1 | CVE-2023-50933 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. | 2024-02-02 | 6.5 | CVE-2023-50935 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. | 2024-02-02 | 5.3 | CVE-2023-50327 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | 2024-02-02 | 5.3 | CVE-2023-50328 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. | 2024-02-02 | 5.3 | CVE-2023-50934 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131. | 2024-02-02 | 5.4 | CVE-2023-50941 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | 2024-02-02 | 5.9 | CVE-2023-50962 [email protected] [email protected] |
ibm -- powersc | IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. | 2024-02-02 | 4.3 | CVE-2023-50938 [email protected] [email protected] |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695. | 2024-02-06 | 5.3 | CVE-2023-46183 [email protected] [email protected] |
ibm -- security_access_manager_container | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | 2024-02-07 | 5.5 | CVE-2023-31002 [email protected] [email protected] |
ibm -- security_verify_access_appliance/security_verify_access_docker | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. | 2024-02-03 | 5.5 | CVE-2023-32329 [email protected] [email protected] |
ibm -- semeru_runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | 2024-02-10 | 5.9 | CVE-2024-22361 [email protected] [email protected] |
ibm -- soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | 2024-02-02 | 6.5 | CVE-2023-38019 [email protected] [email protected] |
ibm -- soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | 2024-02-02 | 4.3 | CVE-2023-38020 [email protected] [email protected] |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | 2024-02-09 | 6.5 | CVE-2023-32341 [email protected] [email protected] |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | 2024-02-09 | 4.3 | CVE-2023-42016 [email protected] [email protected] |
ibm -- storage_ceph | IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | 2024-02-02 | 6.5 | CVE-2023-46159 [email protected] [email protected] |
ibm -- storage_defender-resiliency_service | IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | 2024-02-10 | 4.4 | CVE-2024-22312 [email protected] [email protected] |
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | 2024-02-10 | 6.2 | CVE-2024-22313 [email protected] [email protected] |
ibm -- storage_virtualize | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. | 2024-02-07 | 5.9 | CVE-2023-47700 [email protected] [email protected] |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. | 2024-02-02 | 6.1 | CVE-2023-47144 [email protected] [email protected] |
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. | 2024-02-06 | 6.2 | CVE-2024-22331 [email protected] [email protected] |
ibm-- powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | 2024-02-04 | 5.3 | CVE-2023-33851 [email protected] [email protected] |
icinga -- icingaweb2-module-incubator | icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-24819 [email protected] [email protected] [email protected] |
if_so_plugin -- if-so_dynamic_content_personalization | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. | 2024-02-10 | 6.5 | CVE-2023-51492 [email protected] |
indent-- indent_2.2.13 | A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. | 2024-02-06 | 5.5 | CVE-2024-0911 [email protected] [email protected] |
itop -- vpn | A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1195 [email protected] [email protected] [email protected] |
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | 2024-02-06 | 5.3 | CVE-2024-24941 [email protected] |
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | 2024-02-06 | 4.3 | CVE-2024-24940 [email protected] |
jetbrains -- rider | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | 2024-02-06 | 5.3 | CVE-2024-24939 [email protected] |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed | 2024-02-06 | 5.3 | CVE-2024-24936 [email protected] |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible | 2024-02-06 | 5.4 | CVE-2024-24937 [email protected] |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | 2024-02-06 | 5.3 | CVE-2024-24938 [email protected] |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | 2024-02-06 | 5.3 | CVE-2024-24942 [email protected] |
jetbrains -- toolbox | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image | 2024-02-06 | 5.5 | CVE-2024-24943 [email protected] |
jgadbois -- calculatorpro_calculators | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7. | 2024-02-05 | 6.1 | CVE-2024-24847 [email protected] |
jspxcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. Theexploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability. | 2024-02-03 | 5.3 | CVE-2024-1200 [email protected] [email protected] [email protected] |
juanpao -- jpshop | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1259 [email protected] [email protected] [email protected] |
juanpao -- jpshop | A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. | 2024-02-06 | 6.3 | CVE-2024-1260 [email protected] [email protected] [email protected] |
juanpao -- jpshop | A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. | 2024-02-06 | 6.3 | CVE-2024-1261 [email protected] [email protected] [email protected] |
juanpao -- jpshop | A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1262 [email protected] [email protected] [email protected] |
juanpao -- jpshop | A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability. | 2024-02-06 | 6.3 | CVE-2024-1263 [email protected] [email protected] [email protected] |
juanpao -- jpshop | A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003. | 2024-02-07 | 6.3 | CVE-2024-1264 [email protected] [email protected] [email protected] |
leanote -- leanote | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | 2024-02-07 | 5.5 | CVE-2024-0849 [email protected] [email protected] |
leap13 -- premium_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16. | 2024-02-10 | 6.5 | CVE-2024-24831 [email protected] |
libexpat_project -- libexpat | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 2024-02-04 | 5.5 | CVE-2023-52426 [email protected] [email protected] [email protected] |
liferay -- portal/dxp | The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images. | 2024-02-07 | 6.5 | CVE-2024-25143 [email protected] |
liferay -- portal/dxp | Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | 2024-02-08 | 5.4 | CVE-2023-47798 [email protected] |
liferay -- portal/dxp | Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used. | 2024-02-08 | 5.3 | CVE-2024-25146 [email protected] |
liferay -- portal/dxp | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the doAsUserId URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | 2024-02-08 | 5.4 | CVE-2024-25148 [email protected] |
liferay -- portal/dxp | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame. | 2024-02-08 | 4.1 | CVE-2024-25144 [email protected] |
linecorp -- central_dogma | Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | 2024-02-02 | 6.1 | CVE-2024-1143 [email protected] |
linksys -- wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-09 | 4.3 | CVE-2024-1404 [email protected] [email protected] [email protected] |
linksys -- wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1405 [email protected] [email protected] [email protected] |
linksys -- wrt54gl | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1406 [email protected] [email protected] [email protected] |
linux -- kernel | A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. | 2024-02-04 | 6.5 | CVE-2023-6240 [email protected] [email protected] [email protected] [email protected] |
linux -- kernel | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6356 [email protected] [email protected] [email protected] [email protected] [email protected] |
linux -- kernel | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6535 [email protected] [email protected] [email protected] [email protected] [email protected] |
linux -- kernel | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | 2024-02-07 | 6.5 | CVE-2023-6536 [email protected] [email protected] [email protected] [email protected] [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | 2024-02-05 | 6.8 | CVE-2024-24857 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue. | 2024-02-05 | 6.3 | CVE-2024-24861 [email protected] |
linux -- kernel | A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. | 2024-02-08 | 5.1 | CVE-2024-1312 [email protected] [email protected] [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service. | 2024-02-05 | 5.3 | CVE-2024-24858 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-22386 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-23196 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-24855 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service. | 2024-02-05 | 4.8 | CVE-2024-24859 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.6 | CVE-2024-24860 [email protected] |
linux -- kernel | A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | 2024-02-05 | 4.7 | CVE-2024-24864 [email protected] |
lê_văn_toản -- woocommerce_vietnam_checkout | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7. | 2024-02-08 | 5.9 | CVE-2024-24885 [email protected] |
m2crypto -- m2crypto | A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | 2024-02-05 | 5.9 | CVE-2023-50781 [email protected] [email protected] |
mark_kinchin -- beds24_online_booking | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23. | 2024-02-10 | 5.9 | CVE-2024-24717 [email protected] |
mattermost -- mattermost | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. | 2024-02-09 | 4.3 | CVE-2024-1402 [email protected] |
michael_dempfle -- advanced_iframe | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10. | 2024-02-05 | 6.5 | CVE-2024-24870 [email protected] |
micronaut-projects -- micronaut-core | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to localhost . Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | 2024-02-09 | 5.1 | CVE-2024-23639 [email protected] [email protected] |
mightythemes -- mighty_addons | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS.This issue affects Mighty Addons for Elementor: from n/a through 1.9.3. | 2024-02-05 | 6.1 | CVE-2024-24846 [email protected] |
miraheze -- managewiki | ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface) right. Users should apply the code changes in commits 886cc6b94 , 2ef0f50880 , and 6942e8b2c to resolve this vulnerability. There are no known workarounds for this vulnerability. | 2024-02-09 | 6.5 | CVE-2024-25109 [email protected] [email protected] [email protected] [email protected] [email protected] |
miraheze -- wikidiscover | WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the ->text() output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the (editinterface) right. This vulnerability has been addressed in commit 267e763a0 . Users are advised to update their installations. There are no known workarounds for this vulnerability. | 2024-02-08 | 4.9 | CVE-2024-25107 [email protected] [email protected] [email protected] |
mjssoftware -- sign_ups | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups - Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups - Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4. | 2024-02-05 | 6.1 | CVE-2024-24848 [email protected] |
mozilla -- firefox | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. | 2024-02-05 | 6.1 | CVE-2024-0953 [email protected] |
mpedraza2020 -- intranet_del_monterroso | A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability. | 2024-02-04 | 5.5 | CVE-2019-25159 [email protected] [email protected] [email protected] [email protected] |
mrcms -- mrcms | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. | 2024-02-02 | 5.4 | CVE-2024-24160 [email protected] |
munsoft -- easy_archive_recovery | A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1186 [email protected] [email protected] [email protected] [email protected] |
munsoft -- easy_outlook_express_recovery | A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1187 [email protected] [email protected] [email protected] |
nagios -- nagios_xi | A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | 2024-02-02 | 5.4 | CVE-2023-51072 [email protected] |
nationalkeep -- cybermath | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS.This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 6.1 | CVE-2023-6673 [email protected] |
nationalkeep -- cybermath | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS.This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 5.4 | CVE-2023-6672 [email protected] |
navicat -- navicat | A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1193 [email protected] [email protected] [email protected] |
netapp -- storagegrid_(formerly_storagegrid_webscale) | StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | 2024-02-05 | 6.5 | CVE-2023-27318 [email protected] |
noahkagan -- scroll_triggered_box | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3. | 2024-02-05 | 5.4 | CVE-2024-24865 [email protected] |
nonebot -- nonebot2 | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. | 2024-02-09 | 5.7 | CVE-2024-21624 [email protected] [email protected] |
nsasoft -- network_bandwidth_monitor | A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1185 [email protected] [email protected] [email protected] |
nsasoft -- network_sleuth | A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1184 [email protected] [email protected] [email protected] |
openbi -- openbi | A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. | 2024-02-03 | 6.3 | CVE-2024-1198 [email protected] [email protected] [email protected] |
openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. | 2024-02-02 | 6.2 | CVE-2024-21863 [email protected] |
openharmony -- openharmony | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. | 2024-02-02 | 5.5 | CVE-2023-43756 [email protected] |
openharmony -- openharmony | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. | 2024-02-02 | 5.5 | CVE-2023-49118 [email protected] |
openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. | 2024-02-02 | 5.5 | CVE-2024-0285 [email protected] |
phpems -- phpems | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. | 2024-02-09 | 6.3 | CVE-2024-1353 [email protected] [email protected] [email protected] |
pimcore -- admin_ui_classic_bundle | Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. | 2024-02-07 | 6.5 | CVE-2024-24822 [email protected] [email protected] [email protected] |
plotly -- dash | Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. Note: This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. | 2024-02-02 | 5.4 | CVE-2024-21485 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
pyload -- pyload | pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability has been patched with commit fe94451. | 2024-02-06 | 4.7 | CVE-2024-24808 [email protected] [email protected] |
python -- cryptography | A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | 2024-02-05 | 5.9 | CVE-2023-50782 [email protected] [email protected] |
qnap -- photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | 2024-02-02 | 5.4 | CVE-2023-47561 [email protected] |
qnap -- qts | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later | 2024-02-02 | 6.5 | CVE-2023-32967 [email protected] |
qnap -- qts | An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later | 2024-02-02 | 6.7 | CVE-2023-50359 [email protected] |
qnap -- qts | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-41274 [email protected] |
qnap -- qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-45026 [email protected] |
qnap -- qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-45027 [email protected] |
qnap -- qts | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.9 | CVE-2023-45028 [email protected] |
qualcomm -- aqt1000_firmware | Transient DOS in Audio when invoking callback function of ASM driver. | 2024-02-06 | 5.5 | CVE-2023-33064 [email protected] |
qualcomm -- ar8035_firmware | Transient DOS in Core when DDR memory check is called while DDR is not initialized. | 2024-02-06 | 5.5 | CVE-2023-33060 [email protected] |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | 2024-02-02 | 6.5 | CVE-2024-22096 [email protected] [email protected] |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | 2024-02-02 | 5.4 | CVE-2024-21794 [email protected] [email protected] |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | 2024-02-02 | 5.3 | CVE-2024-21866 [email protected] [email protected] |
rapidscada -- rapid_scada | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | 2024-02-02 | 5.5 | CVE-2024-21869 [email protected] [email protected] |
rdkcentral -- rdk-b | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. | 2024-02-05 | 6.7 | CVE-2024-20006 [email protected] |
realmag777 -- active_products_tables_for_woocommerce_professional_products_tables_for_woocommerce_store | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. | 2024-02-10 | 6.5 | CVE-2023-51480 [email protected] |
realmag777 -- bear_bulk_editor_and_products_manager_professional_for_woocommerce_by_pluginus.net | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4. | 2024-02-08 | 5.9 | CVE-2024-24834 [email protected] |
remyandrade -- testimonial_page_manager | A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. | 2024-02-02 | 6.1 | CVE-2024-1196 [email protected] [email protected] |
rizonesoft -- notepad3 | A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1188 [email protected] [email protected] [email protected] |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20822 [email protected] |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20823 [email protected] |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20824 [email protected] |
samsung -- galaxy_store | Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20825 [email protected] |
samsung_mobile -- samsung_mobile_devices | Out bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20817 [email protected] |
samsung_mobile -- samsung_mobile_devices | Out bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20818 [email protected] |
samsung_mobile -- samsung_mobile_devices | Out bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | 2024-02-06 | 6.6 | CVE-2024-20819 [email protected] |
samsung_mobile -- samsung_mobile_devices | Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. | 2024-02-06 | 5.1 | CVE-2024-20811 [email protected] |
samsung_mobile -- samsung_mobile_devices | Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information. | 2024-02-06 | 4 | CVE-2024-20814 [email protected] |
samsung_mobile -- samsung_mobile_devices | Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read. | 2024-02-06 | 4.4 | CVE-2024-20820 [email protected] |
samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. | 2024-02-06 | 4.6 | CVE-2024-20827 [email protected] |
samsung_mobile -- uphelper | Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent. | 2024-02-06 | 5.5 | CVE-2024-20826 [email protected] |
sepidz -- sepidzdigitalmenu | A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 5.3 | CVE-2024-1255 [email protected] [email protected] |
snow_software -- snow_inventory_agent | Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0 | 2024-02-08 | 6 | CVE-2023-7169 [email protected] |
solar-log -- 2000_pm\+_firmware | A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. | 2024-02-02 | 5.4 | CVE-2023-46344 [email protected] [email protected] |
spring_security -- spring_security | The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of "CWE-732: Incorrect Permission Assignment for Critical Resource" and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. | 2024-02-05 | 4.1 | CVE-2023-34042 [email protected] |
stimulsoft -- dashboards | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | 2024-02-05 | 5.4 | CVE-2024-24397 [email protected] [email protected] [email protected] |
suite_crm -- suite_crm | Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | 2024-02-07 | 5 | CVE-2023-6388 [email protected] [email protected] |
tenable -- nessus | A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. | 2024-02-07 | 6.5 | CVE-2024-0971 [email protected] |
tenable -- nessus | A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. | 2024-02-07 | 4.8 | CVE-2024-0955 [email protected] |
thorsten -- phpmyfaq | phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5. | 2024-02-05 | 6.5 | CVE-2024-22208 [email protected] [email protected] |
thorsten -- phpmyfaq | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | 2024-02-05 | 6.5 | CVE-2024-24574 [email protected] [email protected] [email protected] |
thorsten -- phpmyfaq | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5. | 2024-02-05 | 5.7 | CVE-2024-22202 [email protected] [email protected] |
tongda -- oa_2017 | A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-06 | 5.5 | CVE-2024-1251 [email protected] [email protected] [email protected] |
tongda -- oa_2017 | A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991. | 2024-02-06 | 5.5 | CVE-2024-1252 [email protected] [email protected] [email protected] |
ujcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996. | 2024-02-06 | 6.1 | CVE-2024-1257 [email protected] [email protected] [email protected] |
ujcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995. | 2024-02-06 | 4.3 | CVE-2024-1256 [email protected] [email protected] [email protected] |
vercel -- pkg | pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/* which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if /tmp/pkg/ was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. | 2024-02-09 | 6.6 | CVE-2024-24828 [email protected] [email protected] |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | 2024-02-06 | 4.8 | CVE-2024-22238 [email protected] |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | 2024-02-06 | 4.9 | CVE-2024-22240 [email protected] |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | 2024-02-06 | 4.8 | CVE-2024-22241 [email protected] |
websoudan -- mw_wp_form | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6. | 2024-02-10 | 6.5 | CVE-2024-24804 [email protected] |
westermo -- lynx | A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 2024-02-06 | 6.6 | CVE-2023-45213 [email protected] |
westermo -- lynx | An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | 2024-02-06 | 5.4 | CVE-2023-40143 [email protected] |
westermo -- lynx | An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | 2024-02-06 | 5.7 | CVE-2023-40544 [email protected] |
westermo -- lynx | An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | 2024-02-06 | 5.4 | CVE-2023-42765 [email protected] |
westermo -- lynx | An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | 2024-02-06 | 5.4 | CVE-2023-45222 [email protected] |
westermo -- lynx | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | 2024-02-06 | 5.4 | CVE-2023-45227 [email protected] |
western_digital -- my_cloud_os_5 | Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. | 2024-02-05 | 5.5 | CVE-2023-22817 [email protected] |
western_digital -- my_cloud_os_5 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161. | 2024-02-05 | 4.9 | CVE-2023-22819 [email protected] |
wolfssl -- wolfssl | wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed. | 2024-02-09 | 5.9 | CVE-2023-6935 [email protected] [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy - The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy - The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. | 2024-02-10 | 6.5 | CVE-2023-51404 [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 3.2.2. | 2024-02-10 | 6.5 | CVE-2023-51415 [email protected] |
wordpress -- wordpress | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-08 | 6.4 | CVE-2023-5665 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Meta Box - WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2023-6526 [email protected] [email protected] |
wordpress -- wordpress | The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2023-6982 [email protected] [email protected] |
wordpress -- wordpress | The 10Web AI Assistant - AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. | 2024-02-05 | 6.5 | CVE-2023-6985 [email protected] [email protected] |
wordpress -- wordpress | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6. | 2024-02-05 | 6.4 | CVE-2023-7029 [email protected] [email protected] |
wordpress -- wordpress | The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0254 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-07 | 6.4 | CVE-2024-0256 [email protected] [email protected] |
wordpress -- wordpress | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0448 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0508 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'request' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-02-05 | 6.1 | CVE-2024-0509 [email protected] [email protected] |
wordpress -- wordpress | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.5 | CVE-2024-0586 [email protected] [email protected] |
wordpress -- wordpress | The Formidable Forms - Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 6.1 | CVE-2024-0660 [email protected] [email protected] |
wordpress -- wordpress | The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-02-05 | 6.6 | CVE-2024-0668 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.5 | CVE-2024-0678 [email protected] [email protected] |
wordpress -- wordpress | The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-02-05 | 6.6 | CVE-2024-0699 [email protected] [email protected] |
wordpress -- wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0834 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0954 [email protected] [email protected] |
wordpress -- wordpress | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-0961 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The All-In-One Security (AIOS) - Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-02-07 | 6.1 | CVE-2024-1037 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 6.4 | CVE-2024-1046 [email protected] [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1. | 2024-02-10 | 6.5 | CVE-2024-23516 [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin - Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin - Online Booking for WordPress: from n/a through 3.5.10. | 2024-02-10 | 6.5 | CVE-2024-23517 [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | 2024-02-10 | 6.5 | CVE-2024-24712 [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings - Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings - Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. | 2024-02-10 | 6.5 | CVE-2024-24713 [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel - WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel - WordPress Owl Carousel Slider: from n/a through 1.4.0. | 2024-02-10 | 6.5 | CVE-2024-24801 [email protected] |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion - Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion - Companion plugin for WPoperation Themes: from n/a through 1.1.9. | 2024-02-10 | 6.5 | CVE-2024-24803 [email protected] |
wordpress -- wordpress | The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. | 2024-02-05 | 5.3 | CVE-2023-6557 [email protected] [email protected] |
wordpress -- wordpress | The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6701 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6807 [email protected] [email protected] |
wordpress -- wordpress | The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6808 [email protected] [email protected] [email protected] |
wordpress -- wordpress | This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2023-6884 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array. | 2024-02-05 | 5.3 | CVE-2023-6963 [email protected] [email protected] |
wordpress -- wordpress | The Author Box, Guest Author and Co-Authors for Your Posts - Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable. | 2024-02-05 | 5.3 | CVE-2023-7014 [email protected] [email protected] |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0255 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0382 [email protected] [email protected] |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0384 [email protected] [email protected] |
wordpress -- wordpress | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0585 [email protected] [email protected] |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. | 2024-02-10 | 5.3 | CVE-2024-0596 [email protected] [email protected] |
wordpress -- wordpress | The Easy Digital Downloads - Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.5 | CVE-2024-0659 [email protected] [email protected] |
wordpress -- wordpress | The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import. | 2024-02-05 | 5.5 | CVE-2024-0691 [email protected] [email protected] |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator. | 2024-02-05 | 5.3 | CVE-2024-0701 [email protected] [email protected] |
wordpress -- wordpress | The WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request. | 2024-02-05 | 5.4 | CVE-2024-0790 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-05 | 5.4 | CVE-2024-0823 [email protected] [email protected] |
wordpress -- wordpress | The PDF Flipbook, 3D Flipbook - DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-03 | 5.4 | CVE-2024-0895 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 5.4 | CVE-2024-0963 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content. | 2024-02-08 | 5.3 | CVE-2024-0965 [email protected] [email protected] |
wordpress -- wordpress | The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content. | 2024-02-05 | 5.3 | CVE-2024-0969 [email protected] [email protected] |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | 2024-02-02 | 5.3 | CVE-2024-1047 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-07 | 5.4 | CVE-2024-1055 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 5.4 | CVE-2024-1073 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | 2024-02-07 | 5.3 | CVE-2024-1079 [email protected] [email protected] |
wordpress -- wordpress | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | 2024-02-07 | 5.3 | CVE-2024-1109 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | 2024-02-07 | 5.3 | CVE-2024-1110 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | 2024-02-05 | 5.3 | CVE-2024-1121 [email protected] [email protected] |
wordpress -- wordpress | The Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | 2024-02-09 | 5.3 | CVE-2024-1122 [email protected] [email protected] |
wordpress -- wordpress | The WP Club Manager - WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | 2024-02-05 | 5.3 | CVE-2024-1177 [email protected] [email protected] |
wordpress -- wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. | 2024-02-05 | 5.3 | CVE-2024-1208 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. | 2024-02-05 | 5.3 | CVE-2024-1209 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. | 2024-02-05 | 5.3 | CVE-2024-1210 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. | 2024-02-05 | 4.3 | CVE-2023-4637 [email protected] [email protected] [email protected] [email protected] |
wordpress -- wordpress | The PDF Generator For Fluent Forms - The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin. | 2024-02-05 | 4.9 | CVE-2023-6953 [email protected] [email protected] |
wordpress -- wordpress | The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings. | 2024-02-05 | 4.3 | CVE-2023-6959 [email protected] [email protected] |
wordpress -- wordpress | The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta. | 2024-02-05 | 4.3 | CVE-2023-6983 [email protected] [email protected] |
wordpress -- wordpress | The Starbox - the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings. | 2024-02-05 | 4.3 | CVE-2024-0366 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. | 2024-02-05 | 4.3 | CVE-2024-0370 [email protected] [email protected] |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | 2024-02-05 | 4.3 | CVE-2024-0371 [email protected] [email protected] |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | 2024-02-05 | 4.3 | CVE-2024-0372 [email protected] [email protected] |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0373 [email protected] [email protected] |
wordpress -- wordpress | The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0374 [email protected] [email protected] |
wordpress -- wordpress | The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. | 2024-02-05 | 4.3 | CVE-2024-0380 [email protected] [email protected] |
wordpress -- wordpress | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-08 | 4.3 | CVE-2024-0511 [email protected] [email protected] |
wordpress -- wordpress | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | 2024-02-10 | 4.3 | CVE-2024-0595 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0597 [email protected] [email protected] |
wordpress -- wordpress | The Content Views - Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0612 [email protected] [email protected] |
wordpress -- wordpress | The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-05 | 4.4 | CVE-2024-0630 [email protected] [email protected] |
wordpress -- wordpress | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-09 | 4.4 | CVE-2024-0657 [email protected] [email protected] |
wordpress -- wordpress | The WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. | 2024-02-05 | 4.3 | CVE-2024-0791 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0796 [email protected] [email protected] |
wordpress -- wordpress | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. | 2024-02-05 | 4.3 | CVE-2024-0797 [email protected] [email protected] |
wordpress -- wordpress | The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values. | 2024-02-05 | 4.3 | CVE-2024-0835 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-05 | 4.3 | CVE-2024-0859 [email protected] [email protected] [email protected] |
wordpress -- wordpress | The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image. | 2024-02-07 | 4.4 | CVE-2024-0977 [email protected] [email protected] |
wordpress -- wordpress | The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | 2024-02-07 | 4.3 | CVE-2024-1078 [email protected] [email protected] |
wordpress -- wordpress | The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | 2024-02-05 | 4.3 | CVE-2024-1092 [email protected] [email protected] |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-02 | 4.3 | CVE-2024-1162 [email protected] [email protected] |
wp_hosting -- pay_with_vipps_and_mobilepay_for_woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. | 2024-02-10 | 6.5 | CVE-2023-51485 [email protected] |
wpsc-plugin -- structured_content | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1. | 2024-02-05 | 5.4 | CVE-2024-24839 [email protected] |
xunruicms -- xunruicms | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | 2024-02-02 | 6.1 | CVE-2024-24388 [email protected] |
zabbix -- zabbix | The cause of vulnerability is improper validation of form input field "Name" on Graph page in Items section. | 2024-02-09 | 5.5 | CVE-2024-22119 [email protected] |
Back to top
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
armcode -- alienip | A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1194 [email protected] [email protected] [email protected] |
codeastro -- restaurant_pos_system | A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability. | 2024-02-07 | 3.5 | CVE-2024-1267 [email protected] [email protected] [email protected] |
codeastro -- university_management_system | A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008. | 2024-02-07 | 2.4 | CVE-2024-1265 [email protected] [email protected] [email protected] |
codeastro -- university_management_system | A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability. | 2024-02-07 | 2.4 | CVE-2024-1266 [email protected] [email protected] [email protected] |
concrete_cms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. | 2024-02-09 | 2.4 | CVE-2024-1245 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concrete_cms -- concrete_cms | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user's browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | 2024-02-09 | 2 | CVE-2024-1246 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concrete_cms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. | 2024-02-09 | 2 | CVE-2024-1247 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
grub2 -- grub2 | A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. | 2024-02-06 | 3.3 | CVE-2024-1048 [email protected] [email protected] [email protected] [email protected] |
hcl_software -- hcl_sametime | Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | 2024-02-09 | 3.9 | CVE-2023-45718 [email protected] |
juanpao -- jpshop | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability. | 2024-02-06 | 3.1 | CVE-2024-1258 [email protected] [email protected] [email protected] |
mailcow -- mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. | 2024-02-02 | 2.7 | CVE-2024-23824 [email protected] [email protected] [email protected] |
mattermost -- mattermost | Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | 2024-02-09 | 3.5 | CVE-2024-23319 [email protected] |
mattermost -- mattermost | Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 2024-02-09 | 3.4 | CVE-2024-24774 [email protected] |
mattermost -- mattermost | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. | 2024-02-09 | 3.1 | CVE-2024-24776 [email protected] |
planet-freo -- planet-freo | A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716. | 2024-02-04 | 3.7 | CVE-2015-10129 [email protected] [email protected] [email protected] |
sametime -- sametime | Sametime is impacted by sensitive information passed in URL. | 2024-02-09 | 1.7 | CVE-2023-45716 [email protected] |
samsung_mobile -- samsung_internet | Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | 2024-02-06 | 2.4 | CVE-2024-20828 [email protected] |
samsung_mobile -- samsung_mobile_devices | Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information. | 2024-02-06 | 3.3 | CVE-2024-20810 [email protected] |
sourcecodester -- crud | A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability. | 2024-02-03 | 3.5 | CVE-2024-1215 [email protected] [email protected] [email protected] |
sourcecodester -- product_management_system | A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012. | 2024-02-07 | 2.4 | CVE-2024-1269 [email protected] [email protected] [email protected] |
sulu-- sulu | Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12. | 2024-02-05 | 2.7 | CVE-2024-24807 [email protected] [email protected] [email protected] |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha3_64 . Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand (that is, it cannot be triggered from regular vyper code). sha3_64 is used for retrieval in mappings. No flow that would cache the key was found so the issue shouldn't be possible to trigger when compiling the compiler-generated IR . This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available. | 2024-02-05 | 3.7 | CVE-2024-24559 [email protected] [email protected] |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned. | 2024-02-02 | 3.7 | CVE-2024-24560 [email protected] |
wordpress -- wordpress | The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-02-07 | 3.8 | CVE-2024-0628 [email protected] [email protected] |
wordpress -- wordpress | The Minimal Coming Soon - Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden. | 2024-02-05 | 3.7 | CVE-2024-1075 [email protected] [email protected] [email protected] |
Back to top
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
akaunting -- akaunting | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | 2024-02-08 | not yet calculated | CVE-2024-22836 [email protected] [email protected] [email protected] |
android -- binhdrm26_ super_reboot | The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | 2024-02-06 | not yet calculated | CVE-2023-47889 [email protected] |
apache_software_foundation -- brpc | Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518 | 2024-02-08 | not yet calculated | CVE-2024-23452 [email protected] [email protected] [email protected] [email protected] |
apache_software_foundation -- solr | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.(password|secret|basicauth).' | 2024-02-09 | not yet calculated | CVE-2023-50291 [email protected] [email protected] |
apache_software_foundation -- solr | Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | 2024-02-09 | not yet calculated | CVE-2023-50292 [email protected] [email protected] |
apache_software_foundation -- solr | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. | 2024-02-09 | not yet calculated | CVE-2023-50298 [email protected] [email protected] [email protected] |
apache_software_foundation -- solr | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | 2024-02-09 | not yet calculated | CVE-2023-50386 [email protected] [email protected] |
aprktool -- aprktool | Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | 2024-02-02 | not yet calculated | CVE-2024-24482 [email protected] |
archibus -- app_4.0.3 | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database. | 2024-02-02 | not yet calculated | CVE-2023-48645 [email protected] |
arm_ltd -- bifrost_gpu_kernel_driver | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn cause a use-after-free. This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0. | 2024-02-05 | not yet calculated | CVE-2023-5249 [email protected] |
arm_ltd -- bifrost_gpu_kernel_driver | Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system's memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0. | 2024-02-05 | not yet calculated | CVE-2023-5643 [email protected] |
artifex -- ghostscript | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | 2024-02-04 | not yet calculated | CVE-2020-36773 [email protected] [email protected] [email protected] [email protected] |
atmail -- atmail | Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. | 2024-02-07 | not yet calculated | CVE-2024-24133 [email protected] |
atos -- unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request. | 2024-02-08 | not yet calculated | CVE-2023-40262 [email protected] |
atos -- unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp. | 2024-02-08 | not yet calculated | CVE-2023-40263 [email protected] |
atos -- unify_openscape_voice_trace_manager | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface. | 2024-02-08 | not yet calculated | CVE-2023-40264 [email protected] |
atos -- unify_openscape_xpressions_webassistant | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | 2024-02-08 | not yet calculated | CVE-2023-40265 [email protected] |
atos -- unify_openscape_xpressions_webassistant | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | 2024-02-08 | not yet calculated | CVE-2023-40266 [email protected] |
axigen -- axigen | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | 2024-02-07 | not yet calculated | CVE-2023-40355 [email protected] |
axigen -- axigen | WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | 2024-02-08 | not yet calculated | CVE-2023-49101 [email protected] |
axigen -- webmail | Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | 2024-02-08 | not yet calculated | CVE-2023-48974 [email protected] [email protected] |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | 2024-02-09 | not yet calculated | CVE-2024-25451 [email protected] |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | 2024-02-09 | not yet calculated | CVE-2024-25452 [email protected] |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | 2024-02-09 | not yet calculated | CVE-2024-25453 [email protected] [email protected] |
axiomatic_systems -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | 2024-02-09 | not yet calculated | CVE-2024-25454 [email protected] |
binance -- trust_wallet | The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe and link them to specific wallet addresses in order to steal funds from those wallets. | 2024-02-08 | not yet calculated | CVE-2024-23660 [email protected] [email protected] |
binhdrm26 -- super_reboot | An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent | 2024-02-06 | not yet calculated | CVE-2023-47354 [email protected] [email protected] |
cellinx -- nvt_web_server | An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | 2024-02-08 | not yet calculated | CVE-2024-24215 [email protected] [email protected] [email protected] |
cotonti -- contonti_cms | A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2024-02-08 | not yet calculated | CVE-2024-24115 [email protected] |
curl -- curl | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | 2024-02-03 | not yet calculated | CVE-2024-0853 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
cybozu_inc -- cybozu_kunai_for_android | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | 2024-02-06 | not yet calculated | CVE-2024-23304 [email protected] [email protected] |
d-link -- dir-816A2 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | 2024-02-08 | not yet calculated | CVE-2024-24321 [email protected] [email protected] [email protected] [email protected] |
d-link -- go-rt-ac750 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload. | 2024-02-06 | not yet calculated | CVE-2024-22852 [email protected] [email protected] |
d-link -- go-rt-ac750 | D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | 2024-02-06 | not yet calculated | CVE-2024-22853 [email protected] [email protected] |
delete-tracker_php -- daily_habit_tracker | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. | 2024-02-08 | not yet calculated | CVE-2024-24495 [email protected] |
django -- django | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. | 2024-02-06 | not yet calculated | CVE-2024-24680 [email protected] [email protected] [email protected] |
dronecode -- PX4 | PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes. | 2024-02-06 | not yet calculated | CVE-2024-24254 [email protected] [email protected] |
dronecode -- PX4 | A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | 2024-02-06 | not yet calculated | CVE-2024-24255 [email protected] |
dronetag -- drone_scanner | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. | 2024-02-06 | not yet calculated | CVE-2024-22520 [email protected] |
easyemail -- easyemail | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. | 2024-02-09 | not yet calculated | CVE-2023-39683 [email protected] [email protected] [email protected] |
easysoft -- zentao | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | 2024-02-08 | not yet calculated | CVE-2024-24202 [email protected] |
easysoft -- zentao | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 2024-02-08 | not yet calculated | CVE-2024-24216 [email protected] [email protected] |
egerie -- risk_manager | An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation. | 2024-02-08 | not yet calculated | CVE-2023-27001 [email protected] |
enlightenment -- imlib2 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25447 [email protected] [email protected] |
enlightenment -- imlib2 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25448 [email protected] [email protected] |
espruino -- espruino | Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | 2024-02-07 | not yet calculated | CVE-2024-25200 [email protected] |
espruino -- espruino | Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. | 2024-02-07 | not yet calculated | CVE-2024-25201 [email protected] |
eypcnnapps -- quickreboot | The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | 2024-02-05 | not yet calculated | CVE-2023-47355 [email protected] [email protected] |
forescout -- secureconnector | Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | 2024-02-08 | not yet calculated | CVE-2024-22795 [email protected] [email protected] [email protected] |
glitched_polygons -- l8w8jwt | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25190 [email protected] |
google -- android | In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-07 | not yet calculated | CVE-2024-22012 [email protected] |
google -- chrome | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | 2024-02-08 | not yet calculated | CVE-2023-47131 [email protected] |
google -- chrome | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-07 | not yet calculated | CVE-2024-1283 [email protected] [email protected] [email protected] [email protected] |
google -- chrome | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-02-07 | not yet calculated | CVE-2024-1284 [email protected] [email protected] [email protected] [email protected] |
gradio-app -- gradio-app_gradio | A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | 2024-02-05 | not yet calculated | CVE-2024-0964 [email protected] [email protected] |
grav_cms -- grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 2024-02-09 | not yet calculated | CVE-2023-31506 [email protected] |
hardy_barth -- cph2_echarge_ladestation | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. | 2024-02-06 | not yet calculated | CVE-2023-46359 [email protected] [email protected] |
hardy_barth -- cph2_echarge_ladestation | Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | 2024-02-06 | not yet calculated | CVE-2023-46360 [email protected] [email protected] |
hipresta -- hipresta | SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. | 2024-02-07 | not yet calculated | CVE-2024-24303 [email protected] |
huaxiaerp -- jsherp | jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths. | 2024-02-06 | not yet calculated | CVE-2024-24000 [email protected] [email protected] |
hugin -- hugin | An issue in the HuginBase:anoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25442 [email protected] |
hugin -- hugin | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25443 [email protected] |
hugin -- hugin | Improper handling of values in HuginBase:Tools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 2024-02-09 | not yet calculated | CVE-2024-25445 [email protected] |
hugin -- hugin | An issue in the HuginBase:Tools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | not yet calculated | CVE-2024-25446 [email protected] |
imlib2 -- imlib2 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | 2024-02-09 | not yet calculated | CVE-2024-25450 [email protected] [email protected] |
imou -- imou_go | An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files. | 2024-02-06 | not yet calculated | CVE-2023-47353 [email protected] [email protected] |
innovadeluxe -- innovadeluxe | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | 2024-02-09 | not yet calculated | CVE-2023-46350 [email protected] |
intelbras -- roteador_action_rf_1200 | Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass. | 2024-02-06 | not yet calculated | CVE-2024-22773 [email protected] [email protected] |
ispyconnect.com -- agent_dvr | An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | 2024-02-06 | not yet calculated | CVE-2024-22514 [email protected] |
ispyconnect.com -- agent_dvr | Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | 2024-02-06 | not yet calculated | CVE-2024-22515 [email protected] |
it_edge_soft -- cineam_seat_reservation_system | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | 2024-02-09 | not yet calculated | CVE-2024-25307 [email protected] |
it_edge_soft -- hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | 2024-02-09 | not yet calculated | CVE-2024-25314 [email protected] |
it_edge_soft -- hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | 2024-02-09 | not yet calculated | CVE-2024-25315 [email protected] |
it_edge_soft -- hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | 2024-02-09 | not yet calculated | CVE-2024-25316 [email protected] |
it_edge_soft -- hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | 2024-02-09 | not yet calculated | CVE-2024-25318 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php." | 2024-02-09 | not yet calculated | CVE-2024-25304 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. | 2024-02-09 | not yet calculated | CVE-2024-25305 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". | 2024-02-09 | not yet calculated | CVE-2024-25306 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25308 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25309 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5." | 2024-02-09 | not yet calculated | CVE-2024-25310 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5." | 2024-02-09 | not yet calculated | CVE-2024-25312 [email protected] |
it_edge_soft -- simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. | 2024-02-09 | not yet calculated | CVE-2024-25313 [email protected] |
kitty -- kitty | KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-23749 [email protected] [email protected] |
kitty -- kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-25003 [email protected] [email protected] |
kitty -- kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | not yet calculated | CVE-2024-25004 [email protected] [email protected] |
libjwt -- libjwt | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25189 [email protected] |
libxml2 -- libxml2 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | 2024-02-04 | not yet calculated | CVE-2024-25062 [email protected] [email protected] |
linea_grafica -- linea_grafica | Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction. | 2024-02-07 | not yet calculated | CVE-2024-24311 [email protected] |
linux-pam -- linux-pam | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | 2024-02-06 | not yet calculated | CVE-2024-22365 [email protected] [email protected] [email protected] [email protected] |
litespeed -- litespeed_quick_(lsquic) | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 2024-02-09 | not yet calculated | CVE-2024-25678 [email protected] [email protected] [email protected] |
logpoint -- siem | The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | 2024-02-03 | not yet calculated | CVE-2023-49950 [email protected] [email protected] |
ltos-web-interface -- meinberg_lantime_firmware | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | 2024-02-04 | not yet calculated | CVE-2021-46902 [email protected] |
ltos-web-interface -- meinberg_lantime_firmware | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | 2024-02-04 | not yet calculated | CVE-2021-46903 [email protected] |
magic_software_enterprises -- magic_xpi | The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | 2024-02-06 | not yet calculated | CVE-2023-52239 [email protected] [email protected] |
mail2world -- business_control_center | Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. | 2024-02-07 | not yet calculated | CVE-2024-24130 [email protected] |
malwarebytes_binisoft_windows_firewall_control -- malwarebytes_binisoft_windows_firewall_control | mMalwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | 2024-02-04 | not yet calculated | CVE-2024-25089 [email protected] [email protected] |
min -- min | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | 2024-02-09 | not yet calculated | CVE-2024-25677 [email protected] |
mingsoft -- mcms | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | 2024-02-05 | not yet calculated | CVE-2024-22567 [email protected] |
misp -- misp | An issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type. | 2024-02-09 | not yet calculated | CVE-2024-25674 [email protected] [email protected] |
misp -- misp | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | 2024-02-09 | not yet calculated | CVE-2024-25675 [email protected] [email protected] |
n-able -- n-central | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | 2024-02-08 | not yet calculated | CVE-2023-47132 [email protected] |
ncr_atleos -- terminal_handler | Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. | 2024-02-08 | not yet calculated | CVE-2023-47020 [email protected] [email protected] |
ncr_atleos -- terminal_handler | Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | 2024-02-06 | not yet calculated | CVE-2023-47022 [email protected] |
npm -- ip_package | An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. | 2024-02-08 | not yet calculated | CVE-2023-42282 [email protected] |
oaooa -- pichome | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | 2024-02-08 | not yet calculated | CVE-2024-24393 [email protected] |
octane877 -- employee_management_system | SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components. | 2024-02-08 | not yet calculated | CVE-2024-24497 [email protected] |
octane877 -- employee_management_system | Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component. | 2024-02-08 | not yet calculated | CVE-2024-24498 [email protected] |
octane877 -- employee_management_system | SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component. | 2024-02-08 | not yet calculated | CVE-2024-24499 [email protected] |
october -- october_cms | Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | 2024-02-08 | not yet calculated | CVE-2023-25365 [email protected] |
opoendroneid -- opendroneid_osm | An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | 2024-02-06 | not yet calculated | CVE-2024-22519 [email protected] |
p-quic -- pquic | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | 2024-02-09 | not yet calculated | CVE-2024-25679 [email protected] [email protected] [email protected] |
paessler -- prtg_network_monitor | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-21182. | 2024-02-08 | not yet calculated | CVE-2023-51630 [email protected] |
php-jwt -- php-jwt | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 2024-02-08 | not yet calculated | CVE-2024-25191 [email protected] |
plone -- plone | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | 2024-02-05 | not yet calculated | CVE-2024-23054 [email protected] [email protected] [email protected] |
plone -- plone | The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. | 2024-02-08 | not yet calculated | CVE-2024-23756 [email protected] |
presta_monster -- hsmultiaccessoriespro | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). | 2024-02-09 | not yet calculated | CVE-2023-50026 [email protected] |
prestashop -- boostmyshop | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | 2024-02-09 | not yet calculated | CVE-2024-24308 [email protected] |
prestashop -- mailjet | In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. | 2024-02-07 | not yet calculated | CVE-2024-24304 [email protected] [email protected] |
prestashop -- op'art_easy_redirect | PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher(). | 2024-02-08 | not yet calculated | CVE-2023-50061 [email protected] [email protected] |
prestashop -- rm_bookingcalendar | SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | 2024-02-07 | not yet calculated | CVE-2023-46914 [email protected] |
purslane_ltd -- rustdesk | A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | 2024-02-06 | not yet calculated | CVE-2024-25140 [email protected] [email protected] [email protected] |
remyandrade -- daily_habit_tracker | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | 2024-02-08 | not yet calculated | CVE-2024-24494 [email protected] |
remyandrade -- daily_habit_tracker | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. | 2024-02-08 | not yet calculated | CVE-2024-24496 [email protected] |
reprise -- license_management_software | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | 2024-02-03 | not yet calculated | CVE-2023-43183 [email protected] [email protected] |
reprise -- license_management_software | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | 2024-02-03 | not yet calculated | CVE-2023-44031 [email protected] [email protected] |
schuhfried -- schuhfried | An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | 2024-02-07 | not yet calculated | CVE-2023-38995 [email protected] |
setor_informatica -- s_i_l | Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | 2024-02-08 | not yet calculated | CVE-2024-24034 [email protected] |
sharp_nec_display_solutions_ltd -- mutiple_products | Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request. | 2024-02-05 | not yet calculated | CVE-2023-7077 [email protected] |
shenzen_tenda_technology -- cp3v2 | An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | 2024-02-07 | not yet calculated | CVE-2024-24488 [email protected] |
sofware_publico -- e-sic_livre | File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | 2024-02-08 | not yet calculated | CVE-2024-24350 [email protected] [email protected] |
sonicwall -- sonicos | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 2024-02-08 | not yet calculated | CVE-2024-22394 [email protected] |
sourcecodester -- event_student_attendance_system | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. | 2024-02-09 | not yet calculated | CVE-2024-25302 [email protected] |
stimulsoft -- stimulsoft_dashboard | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | 2024-02-05 | not yet calculated | CVE-2024-24396 [email protected] [email protected] [email protected] |
stimulsoft -- stimulsoft_dashboard | Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. | 2024-02-06 | not yet calculated | CVE-2024-24398 [email protected] [email protected] [email protected] |
stock_management_system -- stock_management_system | SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | 2024-02-05 | not yet calculated | CVE-2023-51951 [email protected] |
supabase -- database | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. | 2024-02-08 | not yet calculated | CVE-2024-24213 [email protected] [email protected] [email protected] [email protected] |
superwebmailer -- superwebmailer | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php. | 2024-02-07 | not yet calculated | CVE-2024-24131 [email protected] |
symphony -- symphony | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 2024-02-05 | not yet calculated | CVE-2024-23049 [email protected] |
tenda -- ac9 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | 2024-02-05 | not yet calculated | CVE-2024-24543 [email protected] |
veeam -- recovery_orchestrator | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | 2024-02-07 | not yet calculated | CVE-2024-22021 [email protected] |
veeam -- recovery_orchestrator | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | 2024-02-07 | not yet calculated | CVE-2024-22022 [email protected] |
vim -- vim | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. | 2024-02-05 | not yet calculated | CVE-2024-22667 [email protected] [email protected] |
withsecure -- withsecure_client_security | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later. | 2024-02-08 | not yet calculated | CVE-2024-23764 [email protected] [email protected] |
xmall - xmall | xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | 2024-02-06 | not yet calculated | CVE-2024-24112 [email protected] |
xuxueli -- xxl-job | xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | 2024-02-08 | not yet calculated | CVE-2024-24113 [email protected] |
yealink -- yealink_meeting_server | Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | 2024-02-08 | not yet calculated | CVE-2024-24091 [email protected] |
yzmcms -- yzmcms | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | 2024-02-06 | not yet calculated | CVE-2024-24291 [email protected] |
Back to top
Continue reading...