CISA Bulletins - Vulnerability Summary for the Week of July 8, 2024

CISA

High Vulnerabilities

Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
Adobe--Bridge
Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-07-09​
7.8
CVE-2024-34139
Adobe--InDesign Desktop
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-07-09​
7.8
CVE-2024-20781
Adobe--InDesign Desktop
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-07-09​
7.8
CVE-2024-20782
Adobe--InDesign Desktop
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-07-09​
7.8
CVE-2024-20783
Adobe--InDesign Desktop
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-07-09​
7.8
CVE-2024-20785
Adobe--Premiere Pro
Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high.​
2024-07-09​
7
CVE-2024-34123
Advanced File Manager--Advanced File Manager Shortcodes
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-07-10​
8.8
CVE-2023-7061
Advanced File Manager--Advanced File Manager Shortcodes
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.​
2024-07-10​
8.8
CVE-2023-7062
airbytehq--airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.​
2024-07-09​
8.5
CVE-2024-38363
Ali2Woo Team--Ali2Woo Lite
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS). This issue affects Ali2Woo Lite: from n/a through 3.3.9.
2024-07-12​
7.1
CVE-2024-37213
Andy Moyle--Church Admin
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server. This issue affects Church Admin: from n/a through 4.4.6.
2024-07-09​
9.9
CVE-2024-37418
anhvnit--Woocommerce OpenPos
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
2024-07-12​
9.3
CVE-2024-37933
anhvnit--Woocommerce OpenPos
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
2024-07-12​
8.6
CVE-2024-37932
ashanjay--EventON
The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticated attackers to update plugin settings, including adding stored cross-site scripting to settings options displayed on event calendar pages.​
2024-07-09​
7.2
CVE-2024-6180
Automattic--Newspack Blocks
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server. This issue affects Newspack Blocks: from n/a through 3.0.8.
2024-07-09​
9.9
CVE-2024-37424
Automattic--Newspack Blocks
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks. This issue affects Newspack Blocks: from n/a through 3.0.8.
2024-07-10​
7.5
CVE-2024-37115
bitpressadmin--Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-07-09​
7.2
CVE-2024-6123
Booking Ultra Pro--Booking Ultra Pro
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Booking Ultra Pro allows PHP Local File Inclusion. This issue affects Booking Ultra Pro: from n/a through 1.1.13.
2024-07-12​
7.1
CVE-2024-38717
Brainstorm Force--Ultimate Addons for Elementor
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
2024-07-09​
8.8
CVE-2024-37455
Checkmk GmbH--Checkmk
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.​
2024-07-10​
8.8
CVE-2024-28827
Checkmk GmbH--Checkmk
Cross-site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromise of the site.
2024-07-10​
8.8
CVE-2024-28828
code-projects--Simple Task List
A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271060.​
2024-07-11​
7.3
CVE-2024-6653
Codeless--Cowidgets Elementor Addons
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets - Elementor Addons allows Path Traversal. This issue affects Cowidgets - Elementor Addons: from n/a through 1.1.1.
2024-07-09​
7.5
CVE-2024-37419
codermy -- my-springsecurity-plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.​
2024-07-12​
9.8
CVE-2024-40539
codermy -- my-springsecurity-plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.​
2024-07-12​
9.8
CVE-2024-40540
codermy -- my-springsecurity-plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.​
2024-07-12​
9.8
CVE-2024-40541
codermy -- my-springsecurity-plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.​
2024-07-12​
9.8
CVE-2024-40542
Crocoblock--JetThemeCore
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1.
2024-07-09​
7.7
CVE-2024-37497
deano1987--Advanced AJAX Page Loader
The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validation in the 'admin_init_AAPL' function and missing file type validation in the 'AAPL_options_validate' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
8.8
CVE-2024-6310
decidim--decidim
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter per_page. This vulnerability is fixed in 0.27.6 and 0.28.1.​
2024-07-10​
7.1
CVE-2024-32469
Delta Electronics--CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.​
2024-07-09​
7.8
CVE-2024-39880
directus--directus
Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a "helpful" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0.​
2024-07-08​
7.5
CVE-2024-39896
dlink -- dir-823x_ax3000_firmware
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.​
2024-07-08​
8.8
CVE-2024-39202
docker -- desktop
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310  additionally changes the default configuration to enable this setting by default.​
2024-07-09​
7
CVE-2024-6222
dwieeb--ScrollTo Bottom
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
8.8
CVE-2024-6321
dwieeb--ScrollTo Top
The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
8.8
CVE-2024-6320
Dylan James--Zephyr Project Manager
Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation. This issue affects Zephyr Project Manager: from n/a through 3.3.97.
2024-07-09​
8.8
CVE-2024-37484
e4jconnect -- vikrentcar
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
2024-07-11​
8.8
CVE-2024-1845
electron -- electron-builder
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any environment variable found in command-line above. This creates a situation where verifySignature() can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.​
2024-07-09​
7.5
CVE-2024-39698
embedded-solutions -- freemodbus
Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remote attacker to cause a denial of service via the LINUXTCP server component.
2024-07-08​
7.5
CVE-2024-31504
EVerest--everest-core
EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.​
2024-07-10​
9
CVE-2024-37310
ExtremePacs--Extreme XDS
Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.
2024-07-08​
7.2
CVE-2024-4341
Favethemes--Houzez Theme - Functionality
The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the 'currency_code' parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-09​
8.8
CVE-2024-5793
FOGProject--fogproject
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.​
2024-07-12​
9.8
CVE-2024-39914
Fortinet--FortiADC
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.​
2024-07-09​
7.4
CVE-2023-50178
Fortinet--FortiAIOps
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.​
2024-07-09​
8.1
CVE-2024-27782
Fortinet--FortiAIOps
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.​
2024-07-09​
8.8
CVE-2024-27784
Fortinet--FortiAIOps
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.​
2024-07-09​
7.6
CVE-2024-27783
Fortinet--FortiExtender
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.​
2024-07-09​
8.8
CVE-2024-23663
fullservices--FULL Cliente
The FULL - Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrative user accesses wp-admin dashboard.
2024-07-11​
7.2
CVE-2024-6447
G5Theme--Ultimate Bootstrap Elements for Elementor
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2.
2024-07-09​
8.5
CVE-2024-37462
genetechproducts--Registration Forms User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction
The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate and deactivate arbitrary plugins. As a result attackers might achieve code execution on the targeted server.
2024-07-09​
8.8
CVE-2024-6069
gitlab -- gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.​
2024-07-11​
9.8
CVE-2024-6385
glpi-project--glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.​
2024-07-10​
8.1
CVE-2024-37148
glpi-project--glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.​
2024-07-10​
7.2
CVE-2024-37149
Google--Android
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
8.4
CVE-2024-23695
Google--Android
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
8.4
CVE-2024-23696
Google--Android
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
8.4
CVE-2024-31319
Google--Android
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
8.4
CVE-2024-31332
Google--Android
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2023-21113
Google--Android
In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.3
CVE-2024-23697
Google--Android
In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-23698
Google--Android
In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-23711
Google--Android
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-31316
Google--Android
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-31317
Google--Android
In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-07-09​
7.4
CVE-2024-31320
Google--Android
In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-31323
Google--Android
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.​
2024-07-09​
7.8
CVE-2024-31324
Google--Android
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.​
2024-07-09​
7.8
CVE-2024-31331
Google--Android
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-31339
Google--Android
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.4
CVE-2024-34720
Google--Android
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.4
CVE-2024-34722
Google--Android
In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7
CVE-2024-34724
Google--Android
In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
7.8
CVE-2024-34726
hackmdio--codimd
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.​
2024-07-10​
8.1
CVE-2024-38354
HashiCorp--Vault
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.​
2024-07-11​
7.5
CVE-2024-6468
hcltech -- domino
This vulnerability is being re-assessed. Vulnerability details will be updated. The security bulletin will be republished when further details are available.​
2024-07-08​
7.5
CVE-2024-23562
Houzez--Houzez CRM
The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes 'belong_to' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-10​
8.8
CVE-2024-5792
ibm -- i
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.​
2024-07-08​
7.8
CVE-2024-38330
IBM--MQ Operator
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.​
2024-07-08​
8.1
CVE-2024-39742
IBM--WebSphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.​
2024-07-09​
7.2
CVE-2024-35154
[email protected]
ifm--Smart PLC AC14xx Firmware
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.​
2024-07-09​
9.8
CVE-2024-28747
[email protected]
ifm--Smart PLC AC14xx Firmware
A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials.
2024-07-09​
9.1
CVE-2024-28751
[email protected]
ifm--Smart PLC AC14xx Firmware
A remote attacker with high privileges may use a reading file function to inject OS commands.​
2024-07-09​
7.2
CVE-2024-28748
[email protected]
ifm--Smart PLC AC14xx Firmware
A remote attacker with high privileges may use a writing file function to inject OS commands.​
2024-07-09​
7.2
CVE-2024-28749
[email protected]
ifm--Smart PLC AC14xx Firmware
A remote attacker with high privileges may use a deleting file function to inject OS commands.​
2024-07-09​
7.2
CVE-2024-28750
[email protected]
inspireui--MStore API Create Native Android & iOS Apps On The Cloud
The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled.​
2024-07-12​
9.8
CVE-2024-6328
[email protected]
instawp -- instawp_connect
The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery.​
2024-07-11​
9.8
CVE-2024-6397
[email protected]
IqbalRony--WP User Switch
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation. This issue affects WP User Switch: from n/a through 1.1.0.
2024-07-12​
8
CVE-2024-37560
[email protected]
isc -- stork
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0.​
2024-07-11​
8.1
CVE-2024-28872
[email protected]
jevnet--Easy Pixels
The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
7.2
CVE-2024-5479
[email protected]
Juniper Networks, Inc.--Junos OS
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.​
2024-07-10​
8.8
CVE-2024-39565
[email protected]
Juniper Networks--Junos OS
A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning. This issue is only seen when telemetry subscription is active. The Heap memory utilization can be monitored using the following command: > show system processes extensive The following command can be used to monitor the memory utilization of the specific sensor > show system info | match sensord PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32 This issue affects Junos OS: * from 21.2R3-S5 before 21.2R3-S7, * from 21.4R3-S4 before 21.4R3-S6, * from 22.2R3 before 22.2R3-S4, * from 22.3R2 before 22.3R3-S2, * from 22.4R1 before 22.4R3, * from 23.2R1 before 23.2R2.
2024-07-10​
7.5
CVE-2024-39518
[email protected]
Juniper Networks--Junos OS
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.​
2024-07-11​
7.5
CVE-2024-39529
[email protected]
Juniper Networks--Junos OS
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage. This issue affects Junos OS: * 21.4 versions from 21.4R3 before 21.4R3-S5, * 22.1 versions from 22.1R3 before 22.1R3-S4, * 22.2 versions from 22.2R2 before 22.2R3, * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3, * 22.4 versions from 22.4R1 before 22.4R2. This issue does not affect Junos OS versions earlier than 21.4.​
2024-07-11​
7.5
CVE-2024-39530
[email protected]
Juniper Networks--Junos OS
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does not affect earlier or later releases.​
2024-07-11​
7.5
CVE-2024-39540
[email protected]
Juniper Networks--Junos OS
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.) 2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1. The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) This issue affects Junos OS: * All versions before 21.2R3-S4, * 21.4 versions before 21.4R2, * 22.2 versions before 22.2R3-S2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R2-EVO.​
2024-07-11​
7.5
CVE-2024-39542
[email protected]
Juniper Networks--Junos OS
An Improper Check for Unusual or Exceptional Conditions vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS). This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S2, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S1, 22.3R3, * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.
2024-07-11​
7.5
CVE-2024-39545
[email protected]
Juniper Networks--Junos OS
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS). Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd). Memory utilization could be monitored by: user@host> show system memory or show system monitor memory status This issue affects: Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO.​
2024-07-11​
7.5
CVE-2024-39549
[email protected]
Juniper Networks--Junos OS
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.
2024-07-11​
7.5
CVE-2024-39551
[email protected]
Juniper Networks--Junos OS
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. This issue affects: Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2.​
2024-07-11​
7.5
CVE-2024-39552
[email protected]
Juniper Networks--Junos OS
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition. Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset: BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list) Only systems with segment routing enabled are vulnerable to this issue. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session. This issue affects: Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
2024-07-10​
7.5
CVE-2024-39555
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S6-EVO, * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.
2024-07-11​
7.8
CVE-2024-39520
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.​
2024-07-11​
7.8
CVE-2024-39521
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.​
2024-07-11​
7.8
CVE-2024-39522
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S7-EVO, * 21.2-EVO versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R2-EVO.​
2024-07-11​
7.8
CVE-2024-39523
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: All versions before 20.4R3-S7-EVO, 21.2-EVO versions before 21.2R3-S8-EVO, 21.4-EVO versions before 21.4R3-S7-EVO, 22.2-EVO versions before 22.2R3-EVO, 22.3-EVO versions before 22.3R2-EVO, 22.4-EVO versions before 22.4R2-EVO.​
2024-07-11​
7.8
CVE-2024-39524
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO, * 22.2 versions before 22.2R3-S3-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-EVO, * 23.4 versions before 23.4R1-S1-EVO, 23.4R2-EVO.​
2024-07-11​
7.5
CVE-2024-39531
[email protected]
Juniper Networks--Junos OS Evolved
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 versions prior to 22.2R3-S3-EVO, * 22.3 versions prior to 22.3R3-S3-EVO, * 22.4 versions prior to 22.4R3-EVO, * 23.2 versions prior to 23.2R2-EVO.​
2024-07-11​
7.3
CVE-2024-39546
[email protected]
Juniper Networks--Junos OS Evolved
An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted. This issue affects both IPv4 and IPv6. Changes in memory usage can be monitored using the following CLI command: user@device> show system memory node <fpc slot> | grep evo-aftmann This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-S5-EVO, * 21.4 versions before 21.4R3-S5-EVO, * 22.1 versions before 22.1R3-S4-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO, * 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.​
2024-07-11​
7.5
CVE-2024-39548
[email protected]
Juniper Networks--Junos OS Evolved
A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition. The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH. Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below. Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command: > show system processes | match sshd root 25219 30901 0 Jul16 ? 00:00:00 [sshd] <defunct> This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 21.4R3-S7-EVO * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.
2024-07-10​
7.5
CVE-2024-39562
[email protected]
KaineLabs--Youzify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify. This issue affects Youzify: from n/a through 1.2.5.
2024-07-09​
8.5
CVE-2024-37494
[email protected]
kaptinlin--Striking
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal. This issue affects Striking: from n/a through 2.3.4.
2024-07-09​
8.5
CVE-2024-37268
[email protected]
level1 -- wbr-6013_firmware
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.​
2024-07-08​
9.8
CVE-2023-46685
[email protected]
level1 -- wbr-6013_firmware
Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution.​
2024-07-08​
7.2
CVE-2023-49593
[email protected]
Membership Software--WishList Member X
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.
2024-07-09​
10
CVE-2024-37112
[email protected]
Membership Software--WishList Member X
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.
2024-07-10​
9.8
CVE-2024-37113
[email protected]
Membership Software--WishList Member X
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.
2024-07-10​
7.5
CVE-2024-37110
[email protected]
metagauss--ProfileGrid User Profiles, Groups and Communities
The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.​
2024-07-10​
8.8
CVE-2024-6411
[email protected]
microsoft -- .net
.NET and Visual Studio Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38095
[email protected]
microsoft -- 365_apps
Microsoft Outlook Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-38021
[email protected]
microsoft -- azure_cyclecloud
Azure CycleCloud Elevation of Privilege Vulnerability​
2024-07-09​
8.8
CVE-2024-38092
[email protected]
microsoft -- defender_for_iot
Microsoft Defender for IoT Elevation of Privilege Vulnerability​
2024-07-09​
9.9
CVE-2024-38089
[email protected]
microsoft -- sharepoint_server
Microsoft SharePoint Server Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38023
[email protected]
microsoft -- sharepoint_server
Microsoft SharePoint Server Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38024
[email protected]
microsoft -- sharepoint_server
Microsoft SharePoint Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38094
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37986
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37987
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37988
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37989
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-38010
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-38011
[email protected]
microsoft -- windows_10_1507
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability​
2024-07-09​
8.1
CVE-2024-38049
[email protected]
microsoft -- windows_10_1507
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-38053
[email protected]
microsoft -- windows_10_1507
Windows Imaging Component Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-38060
[email protected]
microsoft -- windows_10_1507
Windows Fax Service Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-38104
[email protected]
microsoft -- windows_10_1507
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38019
[email protected]
microsoft -- windows_10_1507
Windows Image Acquisition Elevation of Privilege Vulnerability​
2024-07-09​
7
CVE-2024-38022
[email protected]
microsoft -- windows_10_1507
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38025
[email protected]
microsoft -- windows_10_1507
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38028
[email protected]
microsoft -- windows_10_1507
PowerShell Elevation of Privilege Vulnerability​
2024-07-09​
7.3
CVE-2024-38033
[email protected]
microsoft -- windows_10_1507
Windows Filtering Platform Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38034
[email protected]
microsoft -- windows_10_1507
Windows Workstation Service Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38050
[email protected]
microsoft -- windows_10_1507
Windows Graphics Component Remote Code Execution Vulnerability​
2024-07-09​
7.8
CVE-2024-38051
[email protected]
microsoft -- windows_10_1507
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38052
[email protected]
microsoft -- windows_10_1507
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38054
[email protected]
microsoft -- windows_10_1507
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38057
[email protected]
microsoft -- windows_10_1507
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability​
2024-07-09​
7.5
CVE-2024-38061
[email protected]
microsoft -- windows_10_1507
Windows TCP/IP Information Disclosure Vulnerability​
2024-07-09​
7.5
CVE-2024-38064
[email protected]
microsoft -- windows_10_1507
Windows Win32k Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38066
[email protected]
microsoft -- windows_10_1507
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38068
[email protected]
microsoft -- windows_10_1507
Windows Enroll Engine Security Feature Bypass Vulnerability​
2024-07-09​
7
CVE-2024-38069
[email protected]
microsoft -- windows_10_1507
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability​
2024-07-09​
7.8
CVE-2024-38070
[email protected]
microsoft -- windows_10_1507
Windows Graphics Component Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38079
[email protected]
microsoft -- windows_10_1507
Windows Graphics Component Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38085
[email protected]
microsoft -- windows_10_1507
Microsoft WS-Discovery Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38091
[email protected]
microsoft -- windows_10_1507
Windows MSHTML Platform Spoofing Vulnerability​
2024-07-09​
7.5
CVE-2024-38112
[email protected]
microsoft -- windows_10_1607
PowerShell Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38043
[email protected]
microsoft -- windows_10_1607
PowerShell Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38047
[email protected]
microsoft -- windows_10_1607
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38062
[email protected]
microsoft -- windows_10_21h2
Microsoft Xbox Remote Code Execution Vulnerability​
2024-07-09​
7.1
CVE-2024-38032
[email protected]
microsoft -- windows_10_21h2
Win32k Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38059
[email protected]
microsoft -- windows_11_21h2
Xbox Wireless Adapter Remote Code Execution Vulnerability​
2024-07-09​
7.5
CVE-2024-38078
[email protected]
microsoft -- windows_11_21h2
Windows Hyper-V Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38080
[email protected]
microsoft -- windows_server_2008
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability​
2024-07-09​
9.8
CVE-2024-38074
[email protected]
microsoft -- windows_server_2008
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability​
2024-07-09​
9.8
CVE-2024-38077
[email protected]
microsoft -- windows_server_2008
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38031
[email protected]
microsoft -- windows_server_2008
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38067
[email protected]
microsoft -- windows_server_2008
Windows Remote Desktop Licensing Service Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38071
[email protected]
microsoft -- windows_server_2008
Windows Remote Desktop Licensing Service Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38073
[email protected]
microsoft -- windows_server_2012
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38015
[email protected]
microsoft -- windows_server_2012
DHCP Server Service Remote Code Execution Vulnerability​
2024-07-09​
7.2
CVE-2024-38044
[email protected]
microsoft -- windows_server_2016
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability​
2024-07-09​
9.8
CVE-2024-38076
[email protected]
microsoft -- windows_server_2016
Windows Remote Desktop Licensing Service Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-38072
[email protected]
microsoft -- windows_server_2016
Windows File Explorer Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-38100
[email protected]
Microsoft--.NET 8.0
.NET and Visual Studio Remote Code Execution Vulnerability​
2024-07-09​
8.1
CVE-2024-35264
[email protected]
Microsoft--.NET 8.0
.NET Core and Visual Studio Denial of Service Vulnerability​
2024-07-09​
7.5
CVE-2024-30105
[email protected]
Microsoft--Azure DevOps Server 2022
Azure DevOps Server Spoofing Vulnerability​
2024-07-09​
7.6
CVE-2024-35266
[email protected]
Microsoft--Azure DevOps Server 2022
Azure DevOps Server Spoofing Vulnerability​
2024-07-09​
7.6
CVE-2024-35267
[email protected]
Microsoft--Azure Network Watcher VM Extension
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-35261
[email protected]
Microsoft--Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability​
2024-07-09​
7.3
CVE-2024-30061
[email protected]
Microsoft--Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server Information Disclosure Vulnerability​
2024-07-09​
7.5
CVE-2024-32987
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-20701
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21308
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21317
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21331
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21332
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21333
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21335
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21373
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21398
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21414
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21415
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21428
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21449
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-28928
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-35256
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-35271
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-35272
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37319
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37320
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37321
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37322
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37323
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37326
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37327
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37328
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37329
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37330
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37331
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37332
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37333
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37336
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-38087
[email protected]
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-38088
[email protected]
Microsoft--Microsoft SQL Server 2019 (GDR)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37334
[email protected]
Microsoft--Microsoft SQL Server 2019 for x64-based Systems (CU 27)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21425
[email protected]
Microsoft--Microsoft SQL Server 2019 for x64-based Systems (CU 27)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37318
[email protected]
Microsoft--Microsoft SQL Server 2022 for (CU 13)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-21303
[email protected]
Microsoft--Microsoft SQL Server 2022 for (CU 13)
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-37324
[email protected]
Microsoft--Microsoft Visual Studio 2022 version 17.4
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability​
2024-07-09​
7.3
CVE-2024-38081
[email protected]
Microsoft--Windows 10 Version 1809
Windows Text Services Framework Elevation of Privilege Vulnerability​
2024-07-10​
8.8
CVE-2024-21417
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8.8
CVE-2024-28899
[email protected]
Microsoft--Windows 10 Version 1809
Windows MultiPoint Services Remote Code Execution Vulnerability​
2024-07-09​
8.8
CVE-2024-30013
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37969
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37970
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37971
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37972
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8.4
CVE-2024-37973
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37974
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37975
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37981
[email protected]
Microsoft--Windows 10 Version 1809
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8.4
CVE-2024-37984
[email protected]
Microsoft--Windows 10 Version 1809
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability​
2024-07-09​
7.8
CVE-2024-30079
[email protected]
Microsoft--Windows 10 Version 1809
Windows NTLM Spoofing Vulnerability​
2024-07-09​
7.1
CVE-2024-30081
[email protected]
Microsoft--Windows 10 Version 1809
Windows Cryptographic Services Security Feature Bypass Vulnerability​
2024-07-09​
7.5
CVE-2024-30098
[email protected]
Microsoft--Windows 11 version 22H2
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37978
[email protected]
Microsoft--Windows Server 2022
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
8
CVE-2024-37977
[email protected]
Mozilla--Firefox
A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
2024-07-09​
9.8
CVE-2024-6602
[email protected]
Mozilla--Firefox
Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128.
2024-07-09​
9.8
CVE-2024-6606
[email protected]
Mozilla--Firefox
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128.​
2024-07-09​
9.8
CVE-2024-6611
[email protected]
Mozilla--Firefox
In an out-of-memory scenario, an allocation could fail but free would have been called on the pointer afterwards, leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
2024-07-09​
7.4
CVE-2024-6603
[email protected]
N.O.U.S. Open Useful and Simple--Event post
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion. This issue affects Event post: from n/a through 5.9.5.
2024-07-12​
7.5
CVE-2024-38735
[email protected]
n/a--@discordjs/opus
All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.​
2024-07-10​
7.5
CVE-2024-21521
[email protected]
n/a--audify
All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions, it is not checked for negative values. This can lead to a process crash.
2024-07-10​
7.5
CVE-2024-21522
[email protected]
N/A--easyappointments
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.​
2024-07-09​
9.9
CVE-2023-3287
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.9
CVE-2023-38048
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.9
CVE-2023-38049
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.1
CVE-2023-38050
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.9
CVE-2023-38051
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.9
CVE-2023-38052
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.9
CVE-2023-38053
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.9
CVE-2023-38054
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
9.6
CVE-2023-38055
[email protected]
N/A--easyappointments
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.​
2024-07-09​
8.5
CVE-2023-3288
[email protected]
N/A--easyappointments
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.​
2024-07-09​
8.5
CVE-2023-38047
[email protected]
N/A--easyappointments
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.​
2024-07-09​
7.7
CVE-2023-3285
[email protected]
N/A--easyappointments
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.​
2024-07-09​
7.7
CVE-2023-3286
[email protected]
N/A--easyappointments
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.​
2024-07-09​
7.7
CVE-2023-3289
[email protected]
n/a--images
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.​
2024-07-10​
7.5
CVE-2024-21523
[email protected]
N/A--N/A
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.​
2024-07-08​
7
CVE-2024-6409
[email protected]
n/a--n/a
An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.​
2024-07-11​
9.8
CVE-2024-36435
[email protected]
n/a--n/a
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.​
2024-07-10​
9.1
CVE-2024-37770
[email protected]
n/a--n/a
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.​
2024-07-09​
9.8
CVE-2024-37870
[email protected]
n/a--n/a
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.​
2024-07-09​
9.8
CVE-2024-39071
[email protected]
n/a--n/a
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth).​
2024-07-09​
8.1
CVE-2023-50805
[email protected]
n/a--n/a
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows out-of-bounds access to a heap buffer in the SIM Proactive Command.
2024-07-09​
8.4
CVE-2023-50806
[email protected]
n/a--n/a
A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth).​
2024-07-09​
8.1
CVE-2023-50807
[email protected]
n/a--n/a
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves incorrect authorization of LTE NAS messages and leads to downgrading to lower network generations and repeated DDOS.​
2024-07-09​
8.1
CVE-2024-29153
[email protected]
n/a--n/a
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link.​
2024-07-09​
8.8
CVE-2024-37829
[email protected]
n/a--n/a
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter.​
2024-07-09​
8.2
CVE-2024-37871
[email protected]
n/a--n/a
SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.​
2024-07-09​
8.1
CVE-2024-37872
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close​
2024-07-09​
8.8
CVE-2024-40036
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup​
2024-07-10​
8.8
CVE-2024-40329
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup​
2024-07-10​
8.8
CVE-2024-40331
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2​
2024-07-10​
8.8
CVE-2024-40333
[email protected]
n/a--n/a
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.​
2024-07-09​
7.5
CVE-2024-36676
[email protected]
n/a--n/a
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.​
2024-07-10​
7.5
CVE-2024-38875
[email protected]
n/a--node-stringbuilder
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.​
2024-07-10​
8.2
CVE-2024-21524
[email protected]
n/a--node-twain
All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability.​
2024-07-10​
8.3
CVE-2024-21525
[email protected]
n/a--speaker
All versions of the package speaker are vulnerable to Denial of Service (DoS) because providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
2024-07-10​
7.5
CVE-2024-21526
[email protected]
NAVER--NAVER Whale browser
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.​
2024-07-11​
9.6
CVE-2024-40618
[email protected]
neutrinolabs--xrdp
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.​
2024-07-12​
7.2
CVE-2024-39917
[email protected]
nikolaystrikhar--Gutenberg Forms WordPress Form Builder Plugin
The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
2024-07-09​
9.8
CVE-2024-6313
[email protected]
NooTheme--Jobmonster
Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through 4.7.0.
2024-07-12​
9.8
CVE-2024-37927
[email protected]
NooTheme--Jobmonster
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0.
2024-07-12​
8.6
CVE-2024-37928
[email protected]
oisf -- suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable defrag to reduce the scope of the problem.​
2024-07-11​
7.5
CVE-2024-37151
[email protected]
oisf -- suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.​
2024-07-11​
7.5
CVE-2024-38534
[email protected]
oisf -- suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.​
2024-07-11​
7.5
CVE-2024-38535
[email protected]
oisf -- suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to http.memcap being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.​
2024-07-11​
7.5
CVE-2024-38536
[email protected]
openvpn -- openvpn
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.​
2024-07-08​
9.8
CVE-2024-27903
[email protected]
openvpn -- openvpn
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.​
2024-07-08​
7.5
CVE-2024-24974
[email protected]
openvpn -- openvpn
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.​
2024-07-08​
7.8
CVE-2024-27459
[email protected]
OpenVPN--tap-windows6
tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations, which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space.
2024-07-08​
9.8
CVE-2024-1305
[email protected]
Paid Memberships Pro--Paid Memberships Pro
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 3.0.5.
2024-07-09​
7.6
CVE-2024-37486
[email protected]
pandavideo--Panda Video
The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.​
2024-07-09​
8.8
CVE-2024-5456
[email protected]
parorrey -- json_api_user
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.​
2024-07-11​
9.8
CVE-2024-6624
[email protected]
PayPlus LTD--PayPlus Payment Gateway
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway. This issue affects PayPlus Payment Gateway: from n/a through 7.0.7.
2024-07-12​
8.5
CVE-2024-37564
[email protected]
Pepperl+Fuchs--OIT1500-F113-B12-CB
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.​
2024-07-10​
9.8
CVE-2024-6422
[email protected]
Pepperl+Fuchs--OIT1500-F113-B12-CB
An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service.
2024-07-10​
7.5
CVE-2024-6421
[email protected]
photoweblog--OSM OpenStreetMap
The OSM - OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-09​
9.9
CVE-2024-3604
[email protected]
[email protected]
phpvibe -- phpvibe
Directory Traversal in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
2024-07-09​
9.8
CVE-2024-39171
[email protected]
[email protected]
pjgalbraith--Default Thumbnail Plus
The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-07-09​
8.8
CVE-2024-6161
[email protected]
[email protected]
PluginsWare--Advanced Classifieds & Directory Pro
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal. This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3.
2024-07-09​
8.5
CVE-2024-37501
[email protected]
praveen-rajan--Attachment File Icons (AF Icons)
The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afi_overview' function and missing file type validation in the 'upload_icons' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
8.8
CVE-2024-6309
[email protected]
[email protected]
[email protected]
publiccms -- publiccms
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.​
2024-07-12​
8.8
CVE-2024-40543
[email protected]
publiccms -- publiccms
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.​
2024-07-12​
8.8
CVE-2024-40544
[email protected]
publiccms -- publiccms
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.​
2024-07-12​
8.8
CVE-2024-40545
[email protected]
publiccms -- publiccms
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.​
2024-07-12​
8.8
CVE-2024-40546
[email protected]
publiccms -- publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.​
2024-07-12​
8.8
CVE-2024-40548
[email protected]
publiccms -- publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.​
2024-07-12​
8.8
CVE-2024-40549
[email protected]
publiccms -- publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.​
2024-07-12​
8.8
CVE-2024-40550
[email protected]
publiccms -- publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.​
2024-07-12​
8.8
CVE-2024-40551
[email protected]
publiccms -- publiccms
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
2024-07-12​
8.8
CVE-2024-40552
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A cross-site request forgery (CSRF) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.
2024-07-08​
8.8
CVE-2023-47677
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packet can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.
2024-07-08​
7.2
CVE-2023-34435
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-41251
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-45215
[email protected]
realtek -- rtl819x_jungle_software_development_kit
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-45742
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-47856
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-48270
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-49073
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-49595
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-49867
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the interfacename request parameter.
2024-07-08​
7.2
CVE-2023-50239
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the AdvDefaultPreference request parameter.
2024-07-08​
7.2
CVE-2023-50240
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the comment request parameter.
2024-07-08​
7.2
CVE-2023-50243
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the entry_name request parameter.
2024-07-08​
7.2
CVE-2023-50244
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2023-50330
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the targetAPSsid request parameter.
2024-07-08​
7.2
CVE-2023-50381
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the peerPin request parameter.
2024-07-08​
7.2
CVE-2023-50382
[email protected]
realtek -- rtl819x_jungle_software_development_kit
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the localPin request parameter.
2024-07-08​
7.2
CVE-2023-50383
[email protected]
realtek -- rtl819x_jungle_software_development_kit
A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability.​
2024-07-08​
7.2
CVE-2024-21778
[email protected]
Realtyna--Realtyna Organic IDX plugin
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.
2024-07-12​
9.1
CVE-2024-38736
[email protected]
Red Hat--Red Hat JBoss Enterprise Application Platform 8
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.​
2024-07-08​
7.5
CVE-2024-5971
[email protected]
[email protected]
[email protected]
rmac0001--IQ Testimonials
The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can only be exploited if the 'gd' php extension is not loaded on the server.​
2024-07-09​
9.8
CVE-2024-6314
[email protected]
[email protected]
samsung -- exynos_1280_firmware
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to an information disclosure.
2024-07-09​
7.5
CVE-2024-27362
[email protected]
[email protected]
samsung -- exynos_2200_firmware
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS (Denial of Service) attack by unmapping an invalid length.
2024-07-09​
7.5
CVE-2024-31957
[email protected]
[email protected]
samsung -- exynos_850_firmware
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check the length of the data, which can lead to a Denial of Service.
2024-07-09​
7.5
CVE-2024-27360
[email protected]
[email protected]
SAP_SE--SAP Commerce
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites.​
2024-07-09​
7.2
CVE-2024-39597
[email protected]
[email protected]
SAP_SE--SAP PDCE
Elements of PDCE do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information, causing high impact on the confidentiality of the application.
2024-07-09​
7.7
CVE-2024-39592
[email protected]
[email protected]
schneider-electric -- ecostruxure_foxboro_dcs_control_core_services
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.​
2024-07-11​
7.1
CVE-2024-5679
[email protected]
schneider-electric -- ecostruxure_foxboro_dcs_control_core_services
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.​
2024-07-11​
7.8
CVE-2024-5681
[email protected]
schneider-electric -- foxrtu_station
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered with by a malicious actor.
2024-07-11​
7.8
CVE-2024-2602
[email protected]
schneider-electric -- whc-5918a_firmware
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.​
2024-07-11​
7.5
CVE-2024-6407
[email protected]
seacms -- seacms
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.​
2024-07-12​
8.8
CVE-2024-40518
[email protected]
seacms -- seacms
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.​
2024-07-12​
8.8
CVE-2024-40519
[email protected]
seacms -- seacms
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.​
2024-07-12​
8.8
CVE-2024-40520
[email protected]
seacms -- seacms
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.​
2024-07-12​
8.8
CVE-2024-40521
[email protected]
seacms -- seacms
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.​
2024-07-12​
8.8
CVE-2024-40522
[email protected]
Seraphinite Solutions--Seraphinite Accelerator (Full, premium)
Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium). This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.
2024-07-12​
7.4
CVE-2024-37940
[email protected]
ServiceNow--Now Platform
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.​
2024-07-10​
9.8
CVE-2024-4879
[email protected]
[email protected]
ServiceNow--Now Platform
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.​
2024-07-10​
9.8
CVE-2024-5217
[email protected]
[email protected]
siemens -- medicalis_workflow_orchestrator
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.​
2024-07-08​
7.8
CVE-2024-37999
[email protected]
Siemens--JT Open
A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.​
2024-07-09​
7.8
CVE-2024-37997
[email protected]
Siemens--Mendix Encryption
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.
2024-07-09​
7.5
CVE-2024-39888
[email protected]
Siemens--RUGGEDCOM i800
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices allows a low privileged user to access hashes and password salts of all system's users, including admin users. An attacker could use the obtained information to brute force the passwords offline.
2024-07-09​
7.5
CVE-2023-52237
[email protected]
Siemens--RUGGEDCOM RMC30
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.​
2024-07-09​
8.8
CVE-2024-39675
[email protected]
Siemens--SIMATIC PCS neo V4.0
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.​
2024-07-09​
7.8
CVE-2022-45147
[email protected]
Siemens--Simcenter Femap
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process.​
2024-07-09​
7.8
CVE-2024-32056
[email protected]
Siemens--Simcenter Femap
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.​
2024-07-09​
7.8
CVE-2024-33653
[email protected]
Siemens--Simcenter Femap
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.​
2024-07-09​
7.8
CVE-2024-33654
[email protected]
Siemens--SINEMA Remote Connect Client
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.​
2024-07-09​
7.8
CVE-2024-39567
[email protected]
Siemens--SINEMA Remote Connect Client
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.​
2024-07-09​
7.8
CVE-2024-39568
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.​
2024-07-09​
9.6
CVE-2024-39872
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges.​
2024-07-09​
8.8
CVE-2024-39570
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.​
2024-07-09​
8.8
CVE-2024-39571
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.​
2024-07-09​
8.8
CVE-2024-39865
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.​
2024-07-09​
8.8
CVE-2024-39866
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.​
2024-07-09​
7.6
CVE-2024-39867
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges.​
2024-07-09​
7.6
CVE-2024-39868
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.​
2024-07-09​
7.5
CVE-2024-39873
[email protected]
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.​
2024-07-09​
7.5
CVE-2024-39874
[email protected]
Smartypants--SP Project & Document Manager
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smartypants SP Project & Document Manager allows Path Traversal. This issue affects SP Project & Document Manager: from n/a through 4.71.
2024-07-09​
7.5
CVE-2024-37224
[email protected]
smub--User Feedback Create Interactive Feedback Form, User Surveys, and Polls in Seconds
The User Feedback - Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them.​
2024-07-12​
7.2
CVE-2024-5902
[email protected]
[email protected]
SpreadsheetConverter--Import Spreadsheets from Microsoft Excel
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4.
2024-07-12​
9.1
CVE-2024-38734
[email protected]
Spring by VMware Tanzu--Spring Cloud Function Framework
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module. Affected Spring Products and Versions: Spring Cloud Function Framework 4.1.0 to 4.1.2, 4.0.0 to 4.0.8. References: https://spring.io/security/cve-2022-22979 and https://checkmarx.com/blog/spring-f...022-22979-and-unintended-function-invocation/ History: 2020-01-16: Initial vulnerability report published.
2024-07-09​
8.2
CVE-2024-22271
[email protected]
StylemixThemes--Masterstudy Elementor Widgets
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.
2024-07-09​
8.5
CVE-2024-37090
[email protected]
[email protected]
subratamal--Wallet for WooCommerce
The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-12​
8.8
CVE-2024-6353
[email protected]
[email protected]
[email protected]
[email protected]
Tencent--RapidJSON
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.​
2024-07-09​
7.8
CVE-2024-38517
[email protected]
[email protected]
[email protected]
Tencent--RapidJSON
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.​
2024-07-09​
7.8
CVE-2024-39684
[email protected]
tenda -- ac8v4_firmware
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.​
2024-07-09​
9.8
CVE-2023-48194
[email protected]
[email protected]
themeenergy--BookYourTravel
Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation. This issue affects BookYourTravel: from n/a through 8.18.17.
2024-07-09​
8.8
CVE-2024-37952
[email protected]
Themeum--Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.1.
2024-07-09​
7.6
CVE-2024-37256
[email protected]
Themewinter--WPCafe
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal. This issue affects WPCafe: from n/a through 2.2.27.
2024-07-09​
8.5
CVE-2024-37513
[email protected]
Unknown--ContentLock
The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged-in admin remove them via a CSRF attack.
2024-07-12​
8.8
CVE-2024-6024
[email protected]
Unknown--SEOPress
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present.​
2024-07-09​
9.8
CVE-2024-5488
[email protected]
unlimited-elements -- unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the 'addons_order' parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-09​
8.8
CVE-2024-6166
[email protected]
[email protected]
[email protected]
vercel--next.js
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability was resolved in Next.js 13.5 and later.
2024-07-10​
7.5
CVE-2024-39693
[email protected]
vmware -- aria_automation
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.​
2024-07-11​
8.1
CVE-2024-22280
[email protected]
vnotex--vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1.​
2024-07-11​
8.8
CVE-2024-39904
[email protected]
[email protected]
WatchGuard--Fireware OS
A buffer overflow in WatchGuard Fireware OS may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.
2024-07-09​
7.2
CVE-2024-5974
5d1c2695-1a31-4499-88ae-e847036fd7e3
WatchGuard--Mobile VPN with SSL Client
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges.
2024-07-09​
7.8
CVE-2024-4944
5d1c2695-1a31-4499-88ae-e847036fd7e3
Webmin--Webmin
Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.​
2024-07-10​
8.8
CVE-2024-36451
[email protected]
[email protected]
webnus -- modern_events_calendar
The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The plugin allows administrators (via its settings) to extend the ability to submit events to unauthenticated users, which would allow unauthenticated attackers to exploit this vulnerability.​
2024-07-09​
8.8
CVE-2024-5441
[email protected]
[email protected]
wedevs -- wp_erp
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'vendor_id' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-11​
8.8
CVE-2024-6666
[email protected]
[email protected]
whisperfish--rust-phonenumber
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form +dwPAA;phone-context=AA, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6.​
2024-07-09​
8.6
CVE-2024-39697
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
widgetti--solara
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.​
2024-07-12​
8.6
CVE-2024-39903
[email protected]
[email protected]
woobewoo--Product Table by WBW
The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server.​
2024-07-09​
9.8
CVE-2024-6365
[email protected]
[email protected]
[email protected]
[email protected]
WPJohnny, zerOneIT--Comment Reply Email
Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3.
2024-07-12​
7.1
CVE-2024-35773
[email protected]
wpvibes--Form Vibes Database Manager for Forms
The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the 'fv_export_data' parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-07-12​
8.8
CVE-2024-5325
[email protected]
[email protected]
WPZita--Zita Elementor Site Library
Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server. This issue affects Zita Elementor Site Library: from n/a through 1.6.1.
2024-07-09​
9.9
CVE-2024-37420
[email protected]
zealopensource--Generate PDF using Contact Form 7
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and missing file type validation in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
8.8
CVE-2024-6316
[email protected]
[email protected]
zealopensource--Generate PDF using Contact Form 7
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
8.8
CVE-2024-6317
[email protected]
[email protected]
ZealousWeb--Generate PDF using Contact Form 7
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7. This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.
2024-07-09​
9.1
CVE-2024-37555
[email protected]
Zoho Marketing Automation--Zoho Marketing Automation
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation. This issue affects Zoho Marketing Automation: from n/a through 1.2.7.
2024-07-09​
8.5
CVE-2024-37225
[email protected]


Medium Vulnerabilities​

Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
10web -- slider
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks​
2024-07-11​
5.4
CVE-2024-6026
[email protected]
Adobe--Bridge
Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-07-09​
5.5
CVE-2024-34140
[email protected]
amandato--PowerPress Podcasting plugin by Blubrry
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'media_url' parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-07-12​
6.4
CVE-2024-6588
[email protected]
[email protected]
[email protected]
[email protected]
apache -- nifi
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation.​
2024-07-08​
5.4
CVE-2024-37389
[email protected]
aprokopenko--Just Custom Fields
The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke this functionality intended for admin users. This enables subscribers to manage field groups, change visibility of items among other things.​
2024-07-09​
4.3
CVE-2024-6167
[email protected]
[email protected]
aprokopenko--Just Custom Fields
The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to invoke this functionality intended for admin users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This enables subscribers to manage field groups, change visibility of items among other things.
2024-07-09​
4.3
CVE-2024-6168
[email protected]
[email protected]
aumkub--Featured Image Generator
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery.​
2024-07-10​
4.3
CVE-2024-5677
[email protected]
[email protected]
auth0--Login by Auth0
The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wle' parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-07-10​
6.1
CVE-2023-6813
[email protected]
[email protected]
AWSM Innovations--AWSM Team
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal. This issue affects AWSM Team: from n/a through 1.3.1.
2024-07-09​
6.5
CVE-2024-37454
[email protected]
ays-pro -- secure_copy_content_protection_and_content_locking
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).​
2024-07-11​
4.8
CVE-2024-6138
[email protected]
bastho--Event post
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link.​
2024-07-12​
4.3
CVE-2024-1375
[email protected]
[email protected]
Beaver Addons--PowerPack Lite for Beaver Builder
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3.
2024-07-09​
4.9
CVE-2024-37410
[email protected]
bible_text_project -- bible_text
The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2024-07-11​
5.4
CVE-2024-5444
[email protected]
BinaryCarpenter--Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS). This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16.
2024-07-12​
6.5
CVE-2024-37202
[email protected]
Blue Plugins--Events Calendar for Google
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion. This issue affects Events Calendar for Google: from n/a through 2.1.0.
2024-07-12​
6.5
CVE-2024-38716
[email protected]
bobbingwide--oik
The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-6391
[email protected]
[email protected]
[email protected]
[email protected]
Bootstrap--Bootstrap
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.​
2024-07-11​
6.4
CVE-2024-6484
36c7be3b-2937-45df-85ea-ca7133ea542c
Bootstrap--Bootstrap
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.​
2024-07-11​
6.4
CVE-2024-6485
36c7be3b-2937-45df-85ea-ca7133ea542c
Bootstrap--Bootstrap
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.​
2024-07-11​
6.4
CVE-2024-6531
36c7be3b-2937-45df-85ea-ca7133ea542c
Checkmk GmbH--Checkmk
Certain HTTP endpoints of Checkmk in Checkmk < 2.3.0p10, < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allow a remote attacker to bypass authentication and access data.
2024-07-08​
5.3
CVE-2024-6163
[email protected]
Cisco--Cisco IOS XR Software
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system's configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco signed images or alter the security properties of the running system.
2024-07-10​
6.7
CVE-2024-20456
[email protected]
cliengo--Cliengo Chatbot
The Cliengo - Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.1. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot.​
2024-07-09​
6.5
CVE-2024-5992
[email protected]
[email protected]
[email protected]
cliengo--Cliengo Chatbot
The Cliengo - Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the session token of the chatbot.​
2024-07-09​
5.4
CVE-2024-5993
[email protected]
[email protected]
codersaiful--UltraAddons Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
The UltraAddons - Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-10​
6.4
CVE-2024-4866
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Cog-Creators--Red-DiscordBot
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel() command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of the core commands or core cogs are affected. The maintainers of the project are not aware of any public 3rd-party cog utilizing this API at the time of writing this advisory. The problem was patched and released in version 3.5.10.​
2024-07-11​
5.3
CVE-2024-39905
[email protected]
[email protected]
[email protected]
decidim--decidim
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6.
2024-07-10​
5.3
CVE-2024-27090
[email protected]
[email protected]
[email protected]
[email protected]
decidim--decidim
Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
2024-07-10​
5.4
CVE-2024-27095
[email protected]
[email protected]
[email protected]
Dell--Alienware Command Center (AWCC)
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.​
2024-07-10​
6.7
CVE-2024-38301
[email protected]
Dell--PowerSwitch Z9664F-ON BIOS
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.​
2024-07-10​
5.7
CVE-2023-32467
[email protected]
Dell--PowerSwitch Z9664F-ON BIOS
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.​
2024-07-10​
5.7
CVE-2023-32472
[email protected]
directus--directus
Directus is a real-time API and App dashboard for managing SQL database content. Directus >=9.23.0, <=v10.5.3 improperly handles _in, _nin operators. It evaluates empty arrays as valid so expressions like {"role": {"_in": $CURRENT_USER.some_field}} would evaluate to true allowing the request to pass. This results in Broken Access Control because the rule fails to do what it was intended to do: Pass rule if field matches any of the values. This vulnerability is fixed in 10.6.0.​
2024-07-08​
6.3
CVE-2024-39701
[email protected]
directus--directus
Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. Requests to the endpoint /graphql are sent when visualizing graphs generated at a dashboard. By modifying the data sent and duplicating the fields many times, a DoS attack is possible. This vulnerability is fixed in 10.12.0.
2024-07-08​
6.5
CVE-2024-39895
[email protected]
dj-extensions -- dj-helpfularticles
XSS vulnerability in DJ-HelpfulArticles component for Joomla.​
2024-07-09​
6.1
CVE-2024-27183
[email protected]
docker -- desktop
Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
2024-07-09​
5.5
CVE-2024-5652
[email protected]
dotcamp -- ultimate_blocks
The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2024-07-11​
5.4
CVE-2024-4655
[email protected]
DynamicWebLab--WordPress Team Manager
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion. This issue affects WordPress Team Manager: from n/a through 2.1.12.
2024-07-12​
6.5
CVE-2024-38704
[email protected]
Elementor--Elementor Website Builder
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1.
2024-07-09​
5.5
CVE-2024-37437
[email protected]
elfsight--Pricing Table
The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-07-09​
5.3
CVE-2024-4100
[email protected]
elfsight--Pricing Table
The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables.​
2024-07-09​
5.4
CVE-2024-4102
[email protected]
exiv2 -- exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.​
2024-07-08​
6.5
CVE-2024-39695
[email protected]
expresstech -- quiz_and_survey_master
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks.
2024-07-11​
5.4
CVE-2024-6025
[email protected]
ExS--ExS Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion. This issue affects ExS Widgets: from n/a through 0.3.1.
2024-07-12​
6.5
CVE-2024-38715
[email protected]
FOGProject--fogproject
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.​
2024-07-12​
6.4
CVE-2024-39916
[email protected]
Fortinet--FortiADC
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.​
2024-07-09​
4.8
CVE-2023-50179
[email protected]
Fortinet--FortiADC
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.​
2024-07-09​
4.9
CVE-2023-50181
[email protected]
Fortinet--FortiAIOps
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.​
2024-07-09​
5.4
CVE-2024-27785
[email protected]
Fortinet--FortiPortal
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.​
2024-07-09​
4.3
CVE-2024-21759
[email protected]
Fortinet--FortiWeb
An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).​
2024-07-09​
4.8
CVE-2024-33509
[email protected]
gaizhenbiao -- chuanhuchatgpt
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.​
2024-07-11​
6.1
CVE-2024-6035
[email protected]
Gallagher--Controller 6000 and Controller 7000
External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher recommends that the diagnostic web page not be enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Gallagher Controller 6000 and 7000 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.
2024-07-11​
6.8
CVE-2024-22387
[email protected]
Gallagher--Controller 6000 and Controller 7000
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.
2024-07-11​
6.3
CVE-2024-23317
[email protected]
Gallagher--Controller 6000 and Controller 7000
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and 7000 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)),  8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.​
2024-07-11​
4.6
CVE-2024-23485
[email protected]
GitLab--GitLab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.​
2024-07-09​
6.8
CVE-2024-2177
[email protected]
glpi-project--glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.​
2024-07-10​
4.3
CVE-2024-37147
[email protected]
Google--Android
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
6.3
CVE-2024-31311
[email protected]
Google--Android
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.​
2024-07-09​
6.3
CVE-2024-31322
[email protected]
Google--Android
In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
6.7
CVE-2024-31334
[email protected]
Google--Android
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.​
2024-07-09​
5.3
CVE-2024-31315
[email protected]
Google--Android
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
5.3
CVE-2024-31327
[email protected]
Google--Android
In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-07-09​
5.3
CVE-2024-34723
[email protected]
hackmdio--codimd
CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images, and the likelihood of this issue being exploited is increased. This vulnerability is fixed in 2.5.4.
2024-07-10​
5.3
CVE-2024-38353
[email protected]
happymonkeyagency--SCSS Happy Compiler Compile SCSS to CSS & Automatic Enqueue
The SCSS Happy Compiler - Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts.​
2024-07-09​
5.4
CVE-2024-5600
[email protected]
HasThemes--HT Mega
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal. This issue affects HT Mega: from n/a through 2.5.7.
2024-07-12​
6.5
CVE-2024-38706
[email protected]
ibm -- cloud_pak_for_business_automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293.​
2024-07-08​
5.4
CVE-2024-37528
[email protected]
ibm -- cloud_pak_for_business_automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.
2024-07-08​
4.3
CVE-2024-31897
[email protected]
ibm -- storage_virtualize
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.​
2024-07-08​
4.6
CVE-2024-39723
[email protected]
IBM--InfoSphere Server
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.​
2024-07-12​
5.4
CVE-2024-40690
[email protected]
IBM--MQ Operator
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.​
2024-07-08​
5.9
CVE-2024-39743
[email protected]
IBM--QRadar Suite Software
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.​
2024-07-10​
6.2
CVE-2024-25023
[email protected]
IBM--Security QRadar EDR
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.​
2024-07-10​
5.3
CVE-2023-33859
[email protected]
IBM--Security QRadar EDR
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702.​
2024-07-10​
5.3
CVE-2023-33860
[email protected]
IBM--Security QRadar EDR
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165.​
2024-07-10​
5.4
CVE-2023-35006
[email protected]
Internal Link Juicer--Internal Link Juicer: SEO Auto Linker for WordPress
Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress. This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.
2024-07-12​
4.3
CVE-2024-37941
[email protected]
itsourcecode--Gym Management System
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.​
2024-07-10​
6.3
CVE-2024-6652
[email protected]
Juniper Networks--Junos OS
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. This issue affects Junos OS: * All versions before 20.4R3-S10, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.​
2024-07-10​
6.5
CVE-2024-39514
[email protected]
Juniper Networks--Junos OS
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount of specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services. This issue affects both IPv4 and IPv6 implementations. This issue affects Junos OS: All versions earlier than 21.4R3-S7; 22.1 versions earlier than 22.1R3-S5; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S3; 22.4 versions earlier than 22.4R3-S2; 23.2 versions earlier than 23.2R2; 23.4 versions earlier than 23.4R1-S1. Junos OS Evolved: All versions earlier than 21.4R3-S7-EVO; 22.1-EVO versions earlier than 22.1R3-S5-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S3-EVO; 22.4-EVO versions earlier than 22.4R3-S2-EVO; 23.2-EVO versions earlier than 23.2R2-EVO; 23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.
2024-07-10​
6.5
CVE-2024-39517
[email protected]
Juniper Networks--Junos OS
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 22.1R2-S2, * 22.1R3 and later versions, * 22.2 versions before 22.2R2-S1, 22.2R3, * 22.3 versions before 22.3R1-S2, 22.3R2; Junos OS Evolved: * All versions before 22.1R3-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.
2024-07-11​
6.3
CVE-2024-39532
[email protected]
Juniper Networks--Junos OS
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R1-S1, 23.4R2. This issue does not affect Junos OS versions earlier than 22.4R1. Junos OS Evolved: * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. This issue does not affect Junos OS Evolved versions earlier than 22.4R1.
2024-07-11​
6.5
CVE-2024-39541
[email protected]
Juniper Networks--Junos OS
A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO.​
2024-07-11​
6.5
CVE-2024-39543
[email protected]
Juniper Networks--Junos OS
A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events (which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting the rtlogd process. The memory usage can be monitored using the below command. user@host> show system processes extensive | match rtlog This issue affects Junos OS on MX Series with SPC3 line card: * from 21.2R3 before 21.2R3-S8, * from 21.4R2 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3-S1, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2.
2024-07-11​
6.5
CVE-2024-39550
[email protected]
Juniper Networks--Junos OS
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution. By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-EVO, * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
2024-07-10​
6.4
CVE-2024-39556
[email protected]
Juniper Networks--Junos OS
An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash. This issue affects: Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3, * from 22.4 before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-EVO, * from 22.4-EVO before 22.4R2-EVO.
2024-07-10​
6.5
CVE-2024-39558
[email protected]
Juniper Networks--Junos OS
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS). The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected. System kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below: user@router> show system statistics kernel memory Memory        Size (kB) Percentage When  Active         753092   18.4% Now  Inactive        574300   14.0% Now  Wired         443236   10.8% Now  Cached        1911204   46.6% Now  Buf           32768   0.8% Now  Free          385072   9.4% Now Kernel Memory               Now  Data          312908   7.6% Now  Text           2560   0.1% Now ... This issue affects: Junos OS: * All versions before 20.4R3-S9, * All versions of 21.2, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.​
2024-07-10​
6.5
CVE-2024-39560
[email protected]
Juniper Networks--Junos OS
An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly. When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts. This issue affects Junos OS: * All versions before 20.4R3-S10; * 21.2 versions before 21.2R3-S7; * 21.4 versions before 21.4R3-S6; * 22.1 versions before 22.1R3-S5; * 22.2 versions before 22.2R3-S3; * 22.3 versions before 22.3R3-S2; * 22.4 versions before 22.4R3-S1; * 23.2 versions before 23.2R2.​
2024-07-10​
5.5
CVE-2024-39511
[email protected]
Juniper Networks--Junos OS
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S5-EVO, * 22.2-EVO versions before 22.2R3-S3-EVO, * 22.3-EVO versions before 22.3R3-S2-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO.
2024-07-11​
5.7
CVE-2024-39528
[email protected]
Juniper Networks--Junos OS
An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks. If one or more of the match conditions ip-source-address, ip-destination-address and arp-type, which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect. This issue affects Junos OS on QFX5000 Series and EX4600 Series: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.
2024-07-11​
5.8
CVE-2024-39533
[email protected]
Juniper Networks--Junos OS
A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attacker's control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command: > show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 where a continuously increasing number of pending requests is indicative of the leak. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO.
2024-07-11​
5.3
CVE-2024-39536
[email protected]
Juniper Networks--Junos OS
A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: * All versions before 21.2R3-S6, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.
2024-07-11​
5.3
CVE-2024-39539
[email protected]
Juniper Networks--Junos OS
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control. However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update. Under certain circumstances and with specific timing, this could result in an rpd crash. This issue only affects systems with BGP multipath enabled. This issue affects: Junos OS: * All versions of 21.1, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * All versions of 21.1-EVO, * All versions of 21.2-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. Versions of Junos OS before 21.1R1 are unaffected by this vulnerability. Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.
2024-07-10​
5.9
CVE-2024-39554
[email protected]
Juniper Networks--Junos OS
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets. A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network. This issue affects Junos OS on SRX4600 and SRX5000 Series: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.​
2024-07-10​
5.8
CVE-2024-39561
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.​
2024-07-10​
6.6
CVE-2024-39512
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge (CE) device is dual homed to two Provider Edge (PE) devices, a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic. This issue affects Junos OS Evolved: All versions from 22.2R1-EVO and later versions before 22.4R2-EVO. This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.
2024-07-11​
6.5
CVE-2024-39519
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is received, the evo-pfemand process crashes, which causes a service outage for the respective FPC until the system is recovered manually. This issue only affects Junos OS Evolved 22.4R2-S1 and 22.4R2-S2 releases and is fixed in 22.4R3. No other releases are affected.
2024-07-11​
6.5
CVE-2024-39535
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.​
2024-07-11​
6.5
CVE-2024-39537
[email protected]
Juniper Networks--Junos OS Evolved
A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes, which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.
2024-07-11​
6.5
CVE-2024-39538
[email protected]
Juniper Networks--Junos OS Evolved
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which causes the msvcsd process to crash, with a limited availability impact (Denial of Service (DoS)), and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself. This issue affects Juniper Networks Junos OS Evolved: * 21.4 versions earlier than 21.4R3-S7-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S2-EVO; * 22.4 versions earlier than 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
2024-07-11​
6.5
CVE-2024-39553
[email protected]
Juniper Networks--Junos OS Evolved
An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command:
  user@device> show platform application-info allocations app l2ald-agent
  EVL Object Allocation Statistics:
  Node  Application  Context Name                      Live     Allocs   Fails  Guids
  re0   l2ald-agent  net::juniper::rtnh::L2Rtinfo      1069096  1069302  0      1069302
  re0   l2ald-agent  net::juniper::rtnh::NHOpaqueTlv   114      195      0      195
This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
2024-07-10​
6.5
CVE-2024-39557
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts. The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition. This issue affects Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.​
2024-07-10​
5.5
CVE-2024-39513
[email protected]
Juniper Networks--Junos OS Evolved
An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS). The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects dual RE systems with Nonstop Active Routing (NSR) enabled. Exploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication). This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO.​
2024-07-10​
5.9
CVE-2024-39559
[email protected]
khoj-ai--khoj
Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.​
2024-07-08​
5.9
CVE-2024-25639
[email protected]
[email protected]
leap13--Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-12​
6.4
CVE-2024-6495
[email protected]
[email protected]
m_uysl--WP Total Branding Complete branding solution for WordPress
The WP Total Branding - Complete branding solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-07-12​
5.5
CVE-2024-6625
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
mardojai--Simple Alert Boxes
The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-5937
[email protected]
[email protected]
metagauss--ProfileGrid User Profiles, Groups and Communities
The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user.​
2024-07-10​
4.3
CVE-2024-6410
[email protected]
[email protected]
[email protected]
[email protected]
mhuertos--phpLDAPadmin
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to HTTP request smuggling. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named dd6e9583a2eb2ca085583765e8a63df5904cb036. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-270523.
2024-07-11​
6.3
CVE-2016-15039
[email protected]
[email protected]
[email protected]
microsoft -- 365_apps
Microsoft Outlook Spoofing Vulnerability​
2024-07-09​
6.5
CVE-2024-38020
[email protected]
microsoft -- azure_kinect_software_development_kit
Azure Kinect SDK Remote Code Execution Vulnerability​
2024-07-09​
6.4
CVE-2024-38086
[email protected]
microsoft -- windows_10_1507
Microsoft Windows Server Backup Elevation of Privilege Vulnerability​
2024-07-09​
6.7
CVE-2024-38013
[email protected]
microsoft -- windows_10_1507
Windows Line Printer Daemon Service Denial of Service Vulnerability​
2024-07-09​
6.5
CVE-2024-38027
[email protected]
microsoft -- windows_10_1507
Windows Themes Spoofing Vulnerability​
2024-07-09​
6.5
CVE-2024-38030
[email protected]
microsoft -- windows_10_1507
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability​
2024-07-09​
6.5
CVE-2024-38048
[email protected]
microsoft -- windows_10_1507
BitLocker Security Feature Bypass Vulnerability​
2024-07-09​
6.8
CVE-2024-38058
[email protected]
microsoft -- windows_10_1507
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
6.8
CVE-2024-38065
[email protected]
microsoft -- windows_10_1507
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability​
2024-07-09​
6.5
CVE-2024-38101
[email protected]
microsoft -- windows_10_1507
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability​
2024-07-09​
6.5
CVE-2024-38102
[email protected]
microsoft -- windows_10_1507
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability​
2024-07-09​
6.5
CVE-2024-38105
[email protected]
microsoft -- windows_10_1507
Microsoft Message Queuing Information Disclosure Vulnerability​
2024-07-09​
5.5
CVE-2024-38017
[email protected]
microsoft -- windows_10_1507
Microsoft Windows Codecs Library Information Disclosure Vulnerability​
2024-07-09​
5.5
CVE-2024-38055
[email protected]
microsoft -- windows_10_1507
Microsoft Windows Codecs Library Information Disclosure Vulnerability​
2024-07-09​
5.5
CVE-2024-38056
[email protected]
microsoft -- windows_10_1607
Windows Kernel Information Disclosure Vulnerability​
2024-07-09​
5.5
CVE-2024-38041
[email protected]
microsoft -- windows_server_2008
Windows Remote Desktop Licensing Service Denial of Service Vulnerability​
2024-07-09​
5.9
CVE-2024-38099
[email protected]
Microsoft--Windows 10 Version 1809
Windows iSCSI Service Denial of Service Vulnerability​
2024-07-09​
5.3
CVE-2024-35270
[email protected]
Microsoft--Windows 10 Version 1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-07-09​
4.7
CVE-2024-30071
[email protected]
Microsoft--Windows Server 2022
Secure Boot Security Feature Bypass Vulnerability​
2024-07-09​
6.8
CVE-2024-26184
[email protected]
Milan Petrovic--GD Rating System
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion. This issue affects GD Rating System: from n/a through 3.6.
2024-07-12​
5.3
CVE-2024-38709
[email protected]
mommyheather -- advanced_backups
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted backup.
2024-07-09​
5.5
CVE-2024-39118
[email protected]
[email protected]
monospace -- directus
Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However, it is possible to bypass this security measure and execute an SSRF using redirects. Directus allows redirects when importing a file from a URL and does not check the resulting URL. Thus, it is possible to execute a request to an internal IP, for example to 127.0.0.1. However, it is a blind SSRF, because Directus also uses a response interception technique to get the information about the connection from the socket directly, and it does not show a response if the IP address is internal. This vulnerability is fixed in 10.9.3.
2024-07-08​
5
CVE-2024-39699
[email protected]
[email protected]
Mozilla--Firefox
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128.​
2024-07-09​
5.3
CVE-2024-6612
[email protected]
[email protected]
mythemeshop -- url_shortener
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
2024-07-09​
4.8
CVE-2024-5802
[email protected]
MyThemeShop--SociallyViral
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral. This issue affects SociallyViral: from n/a through 1.0.10.
2024-07-12​
4.3
CVE-2024-37938
[email protected]
N/A--Cliengo Chatbot
Cross-Site Request Forgery (CSRF) vulnerability in Cliengo - Chatbot. This issue affects Cliengo - Chatbot: from n/a through 3.0.1.
2024-07-09​
5.4
CVE-2024-37923
[email protected]
N/A--easyappointments
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.​
2024-07-09​
5
CVE-2023-3290
[email protected]
n/a--n/a
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.​
2024-07-10​
6.8
CVE-2024-25076
[email protected]
n/a--n/a
A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to an information disclosure.
2024-07-09​
6
CVE-2024-27363
[email protected]
[email protected]
n/a--n/a
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite.​
2024-07-09​
6.7
CVE-2024-27385
[email protected]
[email protected]
n/a--n/a
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite.​
2024-07-09​
6.7
CVE-2024-27386
[email protected]
[email protected]
n/a--n/a
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter.​
2024-07-09​
6.1
CVE-2024-38959
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6​
2024-07-10​
6.3
CVE-2024-40328
[email protected]
n/a--n/a
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'​
2024-07-10​
6.1
CVE-2024-40336
[email protected]
n/a--n/a
A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to time-of-use (TOCTOU) race condition, which can lead to a Denial of Service.​
2024-07-09​
5.1
CVE-2024-27361
[email protected]
[email protected]
n/a--n/a
A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves a NULL pointer dereference which can cause abnormal termination of a mobile phone via a manipulated packet.​
2024-07-09​
5.3
CVE-2024-28068
[email protected]
[email protected]
n/a--n/a
In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a new event and add it to his calendar. The user can also add other users to the event from the same domain, including administrator. A normal user can create an event with XSS payload inside "Titre" and "Description" parameters and add the administrator or any user to the event. When the other user (victim) visits his own profile (even without clicking on the event) the payload will be executed on the victim side.​
2024-07-09​
5.4
CVE-2024-39031
[email protected]
[email protected]
n/a--n/a
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.​
2024-07-10​
5.3
CVE-2024-39329
[email protected]
[email protected]
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.​
2024-07-09​
5.9
CVE-2024-40035
[email protected]
n/a--n/a
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev​
2024-07-09​
5.3
CVE-2024-40038
[email protected]
NetApp--SnapCenter
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.​
2024-07-09​
5.7
CVE-2024-21993
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.​
2024-07-09​
6.1
CVE-2024-38972
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40726
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/.​
2024-07-09​
6.1
CVE-2024-40727
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40728
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.​
2024-07-09​
6.1
CVE-2024-40729
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40730
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40731
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.​
2024-07-09​
6.1
CVE-2024-40732
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40733
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.​
2024-07-09​
6.1
CVE-2024-40734
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40735
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.​
2024-07-09​
6.1
CVE-2024-40736
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.​
2024-07-09​
6.1
CVE-2024-40737
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40738
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.​
2024-07-09​
6.1
CVE-2024-40739
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40740
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/.​
2024-07-09​
6.1
CVE-2024-40741
[email protected]
netbox -- netbox
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add.​
2024-07-09​
6.1
CVE-2024-40742
[email protected]
Netgear--WN604
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-07-10​
5.3
CVE-2024-6646
[email protected]
[email protected]
[email protected]
[email protected]
nhibernate--nhibernate-core
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.​
2024-07-08​
5.9
CVE-2024-39677
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Ninja Team--FileBird Document Library
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library. This issue affects FileBird Document Library: from n/a through 2.0.6.
2024-07-10​
5.3
CVE-2024-37504
[email protected]
Nuvoton--NPCM7xx (Poleg) BootBlock
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness. An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock, which could lead to arbitrary code execution.
2024-07-11​
6.7
CVE-2024-38433
[email protected]
openclarity--kubeclarity
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the fmt.Sprintf function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1.​
2024-07-12​
6.5
CVE-2024-39909
opensearch-project--observability
OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
2024-07-09​
5.4
CVE-2024-39901
opensearch-project--reporting
OpenSearch Dashboards Reports allows a 'Report Owner' to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
2024-07-09​
5.4
CVE-2024-39900
optemiz--XPlainer WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
The XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs.​
2024-07-09​
6.4
CVE-2024-5669
optemiz--XPlainer WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
CVE-2024-5704
pandavideo--Panda Video
The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-5457
Patreon--Patreon WordPress
Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse. This issue affects Patreon WordPress: from n/a through 1.9.0.
2024-07-09​
5.3
CVE-2024-37430
Pauple--Table & Contact Form 7 Database Tablesome
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database - Tablesome. This issue affects Table & Contact Form 7 Database - Tablesome: from n/a through 1.0.33.
2024-07-10​
5.3
CVE-2024-37498
payflex -- payment_gateway
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.​
2024-07-11​
5.3
CVE-2024-0619
petesheppard84--Extensions for Elementor
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-4868
photoweblog--OSM OpenStreetMap
The OSM - OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-3603
pickplugins--Product Designer
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments.​
2024-07-09​
5.3
CVE-2024-3608
Ping Identity--PingFederate
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.​
2024-07-09​
5.3
CVE-2024-22377
plugin-devs -- blog\,_posts_and_category_filter_for_elementor
The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
5.4
CVE-2024-4667
PrivateBin--PrivateBin
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLS URL shortener without running the YOURLS instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4.
2024-07-09​
5.3
CVE-2024-39899
project-zot--zot
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob() allows read access to any blob without an access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled (it is enabled by default), then an attacker who knows the name of an image and the digest of a blob that they do not have read access to may maliciously read it via a second repository they do have read access to. This attack is possible because ImageStore.CheckBlob() calls checkCacheBlob() (https://github.com/project-zot/zot/blob/v2.1.0-rc2/pkg/storage/imagestore/imagestore.go#L1158-L1159) to find the blob in a global cache by searching for the digest. If it is found, it is copied to the user requested repository with copyBlob(). The attack may be mitigated by configuring "dedupe": false in the "storage" settings. The vulnerability is fixed in 2.1.0.
2024-07-09​
4.3
CVE-2024-39897
publiccms -- publiccms
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.​
2024-07-12​
6.5
CVE-2024-40547
RadiusTheme--ShopBuilder Elementor WooCommerce Builder Addons
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder - Elementor WooCommerce Builder Addons allows Path Traversal. This issue affects ShopBuilder - Elementor WooCommerce Builder Addons: from n/a through 2.1.12.
2024-07-09​
6.5
CVE-2024-37520
randombit--botan
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.​
2024-07-08​
5.3
CVE-2024-34702
randombit--botan
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.​
2024-07-08​
5.3
CVE-2024-39312
realmag777--WPCS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Injection. This issue affects WPCS: from n/a through 1.2.0.3.
2024-07-12​
6.5
CVE-2024-38700
Red Hat--Red Hat Enterprise Linux 6
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.​
2024-07-13​
6.5
CVE-2023-39329
Red Hat--Red Hat Enterprise Linux 6
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.​
2024-07-09​
5.5
CVE-2023-39328
Red Hat--Red Hat Enterprise Linux 6
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.​
2024-07-13​
4.3
CVE-2023-39327
Red Hat--Red Hat JBoss Enterprise Application Platform 8
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.​
2024-07-08​
5.3
CVE-2024-3653
redhat -- directory_server
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.​
2024-07-09​
6.5
CVE-2024-6237
renesas -- arm-trusted-firmware
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.com/renesas-rcar/arm...gen3_v2.5/drivers/renesas/common/io/io_rcar.C . In line 313 "addr_loaded_cnt" is checked not to be "CHECK_IMAGE_AREA_CNT" (5) or larger, but this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of "dst" will be written to the area immediately after the buffer, which is "addr_loaded_cnt". This will allow an attacker to freely control the value of "addr_loaded_cnt" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ("len") they desire.
2024-07-08​
6.7
CVE-2024-6563
renesas -- arm-trusted-firmware
Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.
2024-07-08​
6.7
CVE-2024-6564
rico-macchi--WP Links Page
The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to regenerate the link's thumbnail image.​
2024-07-13​
4.3
CVE-2024-6465
samsung -- android
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.​
2024-07-08​
5.5
CVE-2024-34602
samsung -- android
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.​
2024-07-08​
5.5
CVE-2024-34603
SAP_SE--SAP Business Warehouse - Business Planning and Simulation
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.​
2024-07-09​
6.1
CVE-2024-39594
SAP_SE--SAP Business Warehouse - Business Planning and Simulation
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.​
2024-07-09​
5.4
CVE-2024-39595
SAP_SE--SAP Business Workflow (WebFlow Services)
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.​
2024-07-09​
5
CVE-2024-34689
SAP_SE--SAP CRM WebClient UI
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.​
2024-07-09​
6.1
CVE-2024-37173
SAP_SE--SAP CRM WebClient UI
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.​
2024-07-09​
6.1
CVE-2024-37174
SAP_SE--SAP CRM WebClient UI
SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.​
2024-07-09​
5
CVE-2024-39598
SAP_SE--SAP CRM WebClient UI
SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.​
2024-07-09​
4.3
CVE-2024-37175
SAP_SE--SAP Enable Now
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application.​
2024-07-09​
4.3
CVE-2024-39596
SAP_SE--SAP GUI for Windows
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.​
2024-07-09​
5
CVE-2024-39600
SAP_SE--SAP Landscape Management
SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.​
2024-07-09​
6.9
CVE-2024-39593
SAP_SE--SAP NetWeaver Application Server for ABAP and ABAP Platform
Under certain conditions, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access a remote-enabled function module, which would otherwise be restricted, with no further authorization. The function can be used to read non-sensitive information with low impact on confidentiality of the application.
2024-07-09​
4.1
CVE-2024-37180
SAP_SE--SAP NetWeaver Application Server for ABAP and ABAP Platform
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability.​
2024-07-09​
4.7
CVE-2024-39599
SAP_SE--SAP NetWeaver Knowledge Management XMLEditor
Weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.
2024-07-09​
6.1
CVE-2024-34685
SAP_SE--SAP S/4HANA Finance (Advanced Payment Management)
SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no impact on the integrity.​
2024-07-09​
5.4
CVE-2024-37172
SAP_SE--SAP Transportation Management (Collaboration Portal)
SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that service. The information obtained could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on integrity or availability of the application.​
2024-07-09​
5
CVE-2024-37171
Saturday Drive--Ninja Forms
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.
2024-07-09​
5.4
CVE-2024-37934
schneider-electric -- ecostruxure_foxboro_dcs_control_core_services
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.​
2024-07-11​
5.5
CVE-2024-5680
schneider-electric -- modicon_m241_firmware
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could lead to a cross-site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when the victim visits a page containing the injected payload.
2024-07-11​
6.1
CVE-2024-6528
ServiceNow--Now Platform
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.​
2024-07-10​
4.9
CVE-2024-5178
SERVIT Software Solutions--affiliate-toolkit
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4.
2024-07-10​
5.3
CVE-2024-37205
Siemens--RUGGEDCOM RMC8388 V5.X
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.​
2024-07-09​
6.6
CVE-2024-38278
Siemens--RUGGEDCOM RST2228
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients.​
2024-07-09​
4.3
CVE-2023-52238
Siemens--SIMATIC Energy Manager Basic
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.​
2024-07-09​
5.3
CVE-2023-52891
Siemens--SIMATIC PCS 7 V9.1
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.​
2024-07-09​
5.9
CVE-2024-30321
Siemens--SIMATIC STEP 7 Safety V16
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17 (All versions < V17 Update 7), SIMATIC STEP 7 V18 (All versions < V18 Update 2), SIMATIC WinCC Unified V16 (All versions < V16 Update 7), SIMATIC WinCC Unified V17 (All versions < V17 Update 7), SIMATIC WinCC Unified V18 (All versions < V18 Update 2), SIMATIC WinCC V16 (All versions < V16.7), SIMATIC WinCC V17 (All versions < V17.7), SIMATIC WinCC V18 (All versions < V18 Update 2), SIMOCODE ES V16 (All versions < V16 Update 7), SIMOCODE ES V17 (All versions < V17 Update 7), SIMOCODE ES V18 (All versions < V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 7), SIRIUS Safety ES V18 (All versions < V18 Update 2), SIRIUS Soft Starter ES V17 (All versions < V17 Update 7), SIRIUS Soft Starter ES V18 (All versions < V18 Update 2), Soft Starter ES V16 (All versions < V16 Update 7), TIA Portal Cloud V3.0 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.​
2024-07-09​
6.5
CVE-2023-32735
Siemens--SIMATIC STEP 7 Safety V18
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.​
2024-07-09​
6.3
CVE-2023-32737
Siemens--SINEMA Remote Connect Client
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.​
2024-07-09​
6.6
CVE-2024-39569
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow certificates to be uploaded. An authenticated attacker could upload a crafted certificate, leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.
2024-07-09​
6.5
CVE-2024-39869
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage their own users. A local authenticated user with this privilege could use this to modify users outside of their own scope as well as to escalate privileges.
2024-07-09​
6.3
CVE-2024-39870
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacker does not belong to.
2024-07-09​
6.3
CVE-2024-39871
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.​
2024-07-09​
4.3
CVE-2024-39875
Siemens--SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.​
2024-07-09​
4
CVE-2024-39876
Siemens--SIPROTEC 5 6MD84 (CP300)
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < 
V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from those ports.​
2024-07-09​
5.9
CVE-2024-38867
[email protected]
sirv--Image Optimizer, Resizer and CDN Sirv
The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.​
2024-07-11​
5.4
CVE-2024-6392
[email protected]
slui--Media Hygiene: Remove or Delete Unused Images and More!
The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.​
2024-07-09​
4.3
CVE-2024-5855
[email protected]
smashballoon -- feeds_for_youtube
The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-11​
5.4
CVE-2024-6256
[email protected]
smub--Duplicator Migration & Backup Plugin
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.​
2024-07-11​
5.3
CVE-2024-6210
[email protected]
sonaar--MP3 Audio Player Music Player, Podcast Player & Radio by Sonaar
The MP3 Audio Player - Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-10​
6.4
CVE-2024-5664
[email protected]
SourceCodester--Employee and Visitor Gate Pass Logging System
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability.​
2024-07-10​
4.3
CVE-2024-6649
[email protected]
squelch--Squelch Tabs and Accordions Shortcodes
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab' shortcode in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-5946
[email protected]
stellarwp--LearnDash LMS Reports
The LearnDash LMS - Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update various plugin settings.​
2024-07-09​
5.4
CVE-2024-5648
[email protected]
stijnvanderree--Laposta
The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. This plugin is no longer being maintained and has been closed for downloads.​
2024-07-13​
5.3
CVE-2024-6574
[email protected]
stitionai -- devika
A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This vulnerability is due to the lack of input validation and sanitization on both the frontend and backend components of the application. Specifically, the application fails to sanitize user input in the chat feature, leading to the execution of arbitrary JavaScript code in the context of the user's browser session. This issue affects all versions of the application. The impact of this vulnerability includes the potential for stolen credentials, extraction of sensitive information from chat logs, projects, and other data accessible through the application.​
2024-07-08​
6.1
CVE-2024-5711
[email protected]
studiopress--Genesis Blocks
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-3563
[email protected]
Themeum--Tutor LMS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal. This issue affects Tutor LMS: from n/a through 2.7.1.
2024-07-09​
4.9
CVE-2024-37266
[email protected]
timersys--WP Popups WordPress Popup builder
The WP Popups - WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
2024-07-12​
5.3
CVE-2024-6555
[email protected]
Tobias Conrad--Get Better Reviews for WooCommerce
Missing Authorization vulnerability in Tobias Conrad Get Better Reviews for WooCommerce. This issue affects Get Better Reviews for WooCommerce: from n/a through 4.0.6.
2024-07-12​
4.3
CVE-2024-37544
[email protected]
tranbinhcse--Webico Slider Flatsome Addons
The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-5881
[email protected]
TrustedLogin--TrustedLogin Vendor
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor. This issue affects TrustedLogin Vendor: from n/a before 1.1.1.
2024-07-10​
5.3
CVE-2024-37270
[email protected]
tyxla--Gravity Forms: Multiple Form Instances
The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.​
2024-07-10​
5.3
CVE-2024-6550
[email protected]
Unknown--DN Footer Contacts
The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-07-09​
4.3
CVE-2024-3410
[email protected]
Unknown--Social Media Widget
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-07-12​
4.8
CVE-2024-0974
[email protected]
Unknown--socialdriver-framework
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-07-12​
4.8
CVE-2024-2696
[email protected]
unlimited-elements -- unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
5.4
CVE-2024-6169
[email protected]
unlimited-elements -- unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
5.4
CVE-2024-6170
[email protected]
unlimited-elements -- unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets.​
2024-07-09​
5.3
CVE-2024-6171
[email protected]
vaethink -- vaethink
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.​
2024-07-09​
5.4
CVE-2024-38971
[email protected]
vaethink -- vaethink
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function.
2024-07-09​
4.9
CVE-2024-38970
[email protected]
vCita--Online Booking & Scheduling Calendar for WordPress by vcita
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Path Traversal. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2.
2024-07-09​
6.5
CVE-2024-37499
[email protected]
VolThemes--Patricia Lite
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite. This issue affects Patricia Lite: from n/a through 1.2.3.
2024-07-12​
4.3
CVE-2024-37939
[email protected]
wagtail--wagtail
Wagtail is an open source content management system built on Django. A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses parse_query_string, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.​
2024-07-11​
6.5
CVE-2024-39317
[email protected]
Webmin--Webmin
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.​
2024-07-10​
6.1
CVE-2024-36453
[email protected]
witmy--my-springsecurity-plus
A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-271111.
2024-07-11​
6.3
CVE-2024-6676
[email protected]
witmy--my-springsecurity-plus
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271152.​
2024-07-11​
6.3
CVE-2024-6679
[email protected]
witmy--my-springsecurity-plus
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271153 was assigned to this vulnerability.​
2024-07-11​
6.3
CVE-2024-6680
[email protected]
witmy--my-springsecurity-plus
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271154 is the identifier assigned to this vulnerability.​
2024-07-11​
6.3
CVE-2024-6681
[email protected]
wp2speed--WP2Speed Faster Optimize PageSpeed Insights Score 90-100
The WP2Speed Faster - Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.​
2024-07-09​
5.3
CVE-2024-5810
[email protected]
wpbits--WPBITS Addons For Elementor Page Builder
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-07-09​
6.4
CVE-2024-4862
[email protected]
wpkube--Social Sharing Plugin Kiwi
The Social Sharing Plugin - Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.​
2024-07-09​
5.3
CVE-2024-3228
[email protected]
wpmudev -- branda
The Branda - White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due to the plugin utilizing composer without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
2024-07-11​
5.3
CVE-2024-6554
[email protected]
wpmudev--SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
2024-07-10​
5.3
CVE-2024-6556
[email protected]
wppuzzle--Comment Images Reloaded
The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary media attachments.​
2024-07-09​
4.3
CVE-2024-5856
[email protected]
wpweb--WooCommerce Social Login
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login. This issue affects WooCommerce Social Login: from n/a through 2.6.3.
2024-07-09​
5.4
CVE-2024-37502
[email protected]
WPZOOM--Beaver Builder Addons by WPZOOM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal. This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5.
2024-07-09​
4.9
CVE-2024-37464
[email protected]
WuKongOpenSource--Wukong_nocode
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-271051.
2024-07-10​
6.3
CVE-2024-6645
[email protected]
zblogcn -- z-blogphp
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.​
2024-07-08​
6.1
CVE-2024-39203
[email protected]
zmops--ArgusDBM
A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability.​
2024-07-10​
6.3
CVE-2024-6644
[email protected]
ZTE--ZXCLOUD IRAI
There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.
2024-07-09​
6.3
CVE-2024-22062
[email protected]


Low Vulnerabilities​

Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
Automattic--WooCommerce
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing. This issue affects WooCommerce: from n/a through 8.9.2.
2024-07-09​
3.5
CVE-2024-35777
[email protected]
DREAM TRAIN INTERNET INC.--TONE store App
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.​
2024-07-10​
3.7
CVE-2024-39886
[email protected]
Fortinet--FortiProxy
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.​
2024-07-09​
3.4
CVE-2024-26015
[email protected]
Gallagher--Command Centre
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).
2024-07-11​
3.3
CVE-2024-23194
[email protected]
gitlab -- gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with admin_group_member custom role permission could ban group members.​
2024-07-11​
2.7
CVE-2024-2880
[email protected]
gitlab -- gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may have been able to modify the URL for a group namespace.​
2024-07-11​
2.7
CVE-2024-5257
[email protected]
gitlab -- gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens.​
2024-07-11​
2.7
CVE-2024-5470
[email protected]
nodejs--undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch() request, response.arrayBuffer() might include a portion of memory from the Node.js process. This has been patched in v6.19.2.
2024-07-08​
2
CVE-2024-38372
[email protected]
Photo Gallery Team--Photo Gallery by Ays
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection. This issue affects Photo Gallery by Ays: from n/a before 5.7.1.
2024-07-09​
3.8
CVE-2024-37442
[email protected]
Ping Identity--PingFederate
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.​
2024-07-09​
3.5
CVE-2024-21832
[email protected]
Ping Identity--PingFederate
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.​
2024-07-09​
1.8
CVE-2024-22477
[email protected]
Red Hat--Red Hat Enterprise Linux 6
A flaw was found in NetworkManager. On a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.
2024-07-09​
3.1
CVE-2024-6501
[email protected]
samsung -- exynos_modem_5300_firmware
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.​
2024-07-09​
3.7
CVE-2024-28067
[email protected]
SAP_SE--SAP Enable Now
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables, which could host malware and might be downloaded and executed by the user. On successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
2024-07-09​
3.3
CVE-2024-34692
[email protected]
Siemens--JT Open
A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
2024-07-09​
3.3
CVE-2024-37996
[email protected]
Silicon Labs--Simplicity SDK
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0.
2024-07-12​
3.1
CVE-2023-41093
[email protected]
SourceCodester--Employee and Visitor Gate Pass Logging System
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.​
2024-07-10​
2.4
CVE-2024-6650
[email protected]
WpDirectoryKit--WP Directory Kit
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection. This issue affects WP Directory Kit: from n/a through 1.3.6.
2024-07-09​
2.7
CVE-2024-37253
[email protected]


Severity Not Yet Assigned​

Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
/n software--IPWorks SSH SFTPServer
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.​
2024-07-08​
not yet calculated​
CVE-2024-6580
9119a7d8-5eab-497f-8521-727c672e3725
aimhubio--aimhubio/aim
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.​
2024-07-08​
not yet calculated​
CVE-2024-6227
[email protected]
aimhubio--aimhubio/aim
A vulnerability in the _backup_run function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the run_hash and repo.path parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.​
2024-07-12​
not yet calculated​
CVE-2024-6396
[email protected]
Apache Software Foundation--Apache Wicket
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.​
2024-07-12​
not yet calculated​
CVE-2024-36522
[email protected]
Citrix--Citrix Provisioning
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning​
2024-07-10​
not yet calculated​
CVE-2024-6150
[email protected]
Citrix--Citrix Workspace app for HTML5
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5​
2024-07-10​
not yet calculated​
CVE-2024-6148
[email protected]
Citrix--Citrix Workspace app for HTML5
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5​
2024-07-10​
not yet calculated​
CVE-2024-6149
[email protected]
Citrix--Citrix Workspace app for Windows
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows​
2024-07-10​
not yet calculated​
CVE-2024-6286
[email protected]
Citrix--uberAgent
Privilege escalation in uberAgent​
2024-07-12​
not yet calculated​
CVE-2024-6677
[email protected]
Citrix--Windows Virtual Delivery Agent
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS​
2024-07-10​
not yet calculated​
CVE-2024-6151
[email protected]
Delta Electronics--CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2024-07-09​
not yet calculated​
CVE-2024-39881
[email protected]
Delta Electronics--CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2024-07-09​
not yet calculated​
CVE-2024-39882
[email protected]
Delta Electronics--CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2024-07-09​
not yet calculated​
CVE-2024-39883
[email protected]
gaizhenbiao--gaizhenbiao/chuanhuchatgpt
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fn_index":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.​
2024-07-10​
not yet calculated​
CVE-2024-6036
[email protected]
gaizhenbiao--gaizhenbiao/chuanhuchatgpt
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.​
2024-07-10​
not yet calculated​
CVE-2024-6037
[email protected]
Google--Android
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
not yet calculated​
CVE-2023-21114
[email protected]
Google--Android
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.​
2024-07-09​
not yet calculated​
CVE-2024-31310
[email protected]
Google--Android
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-07-09​
not yet calculated​
CVE-2024-31312